Setting Windows policy for service users

0

I want to set up Windows policy definitions (specifically, block access to removable media) for service users.

For a regular user, I use the following definition in the registry:

[HKEY_USERS\<uid>\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices]
"Deny_All"=dword:00000001

but service users don't have a registry hive, so there's nowhere to perform this definition.

Is there a method to apply a policy (or other user specific registry setting) to a service user?

Ophir Yoktan

Posted 2012-02-19T21:22:19.107

Reputation: 230

Answers

1

If by "service user," you mean the system accounts (Local System, etc.), their user profile is stored in <windows directory>\System32\config\systemprofile. You can start RegEdit and mount the NTUser.dat file that is stored in that folder. That will give you access to their HKEY_CURRENT_USER.

Patrick Seymour

Posted 2012-02-19T21:22:19.107

Reputation: 7 662

I mean both these users, but also user-defined users which are used to run services – Ophir Yoktan – 2012-02-20T08:56:36.950

For any user, you're going to need to have their NTUser.dat open. Either log in as that user (if it's a "normal" user account) and go to HKEY_CURRENT_USER\Software\Policies... or mount their NTUser.dat as described. – Patrick Seymour – 2012-02-20T22:22:45.553
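
The hive-mounting approach from the answer and comments, scripted as an added example (not code from the thread): it resolves a service account to its SID, writes the `Deny_All` value from the question into the account's hive if that hive is already loaded under `HKEY_USERS`, and otherwise mounts the account's NTUSER.DAT temporarily. The account name `CONTOSO\svc-backup` and the mount name `TempServiceHive` are placeholders chosen for illustration.

```powershell
# Added example, not from the original thread. Run from an elevated prompt.
# 'CONTOSO\svc-backup' is a placeholder account; 'TempServiceHive' is an arbitrary mount name.
param([string]$Account = 'CONTOSO\svc-backup')

$ErrorActionPreference = 'Stop'
$policySubKey = 'SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

# Resolve the account name to its SID (throws if the account does not exist).
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

function Set-DenyAll([string]$HiveRoot) {
    # reg.exe is used instead of the PowerShell registry provider so that no
    # open key handle is left behind to block the later 'reg unload'.
    & reg.exe add "$HiveRoot\$policySubKey" /v Deny_All /t REG_DWORD /d 1 /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg add failed under $HiveRoot" }
}

if (Test-Path "Registry::HKEY_USERS\$sid") {
    # The hive is already loaded (the service is running or the user is logged on),
    # so NTUSER.DAT is locked and cannot be mounted again. Write to the live hive.
    Set-DenyAll "HKU\$sid"
}
else {
    # Locate the profile directory recorded for this SID.
    $profileKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
    if (-not (Test-Path $profileKey)) {
        throw "No profile found for $Account; there is no NTUSER.DAT to mount yet."
    }
    $profileDir = [Environment]::ExpandEnvironmentVariables(
        (Get-ItemProperty $profileKey).ProfileImagePath)
    $hiveFile = Join-Path $profileDir 'NTUSER.DAT'

    $mount = 'HKU\TempServiceHive'
    & reg.exe load $mount $hiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not load $hiveFile" }
    try {
        Set-DenyAll $mount
    }
    finally {
        # Always unmount, even if the write failed, so the profile is not left locked.
        & reg.exe unload $mount | Out-Null
    }
}

Write-Output "Deny_All=1 written for $Account ($sid)"
```

To confirm the result, load the hive again (or inspect `HKU\<SID>` while the service is running) and run `reg query` on the `RemovableStorageDevices` key.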