2
There are a few ways to add or update a key in the HKCU registry. There are a few ways to modify a workstation with Group Policies. I have tried a few of these, and I could use some help.
I have a set of four cscripts that I compile to exe with VBSEditor from Adersoft.
These compiled scripts run very well and are faster than running a .vbs script.
I have a script for Startup, Logon, Logoff, and Shutdown. Currently these scripts access the SQL server and server file shares (logon and logoff only), read the local registry and run some commands via the wscript.shell object. All of this works as expected, within the limits that tasks that require admin privileges must run during shutdown/startup and tasks that require network access (fileshares and sql server) must run during logon and logoff.
My problem occurs when trying to create and/or modify a registry key in HKCU. I can read the keys just fine, and my scripts work when run from an administrator login session, but they do nothing when run during GPO startup, shutdown, logon or logoff.
Due to my lack of experience, I do not know most of the quirks of the environment that Group Policy scripts must run in.
Here is one set of commands that works in the console but fails in GPO:
set oRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
strValueName = "NoControlPanel"
oRegistry.CreateKey HKEY_CURRENT_USER, strKeyPath
oRegistry.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,drtval
And here is an alternative method:
strKeyPath = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
strValueName = "NoControlPanel"
strKP = strKeyPath + "\" + strValueName
o=wshShell.RegWrite(strKP, drtval, "REG_DWORD")
drtval is 0 or 1 depending on whether I enable or disable the registry tools.
Can someone see what I am doing wrong?
The particular workstation I am testing this on is an XP Pro. I have about 100 of these puppies to manage via GPO.
Any help would be appreciated.
1Why wouldn't you use GPO to set that policy directly instead of trying to do it "manually" from a script? When it comes to Startup and Shutdown, the scripts are run as a System user and so no user profile is loaded; hence no HKCU hive. Not sure off hand why you wouldn't be able to access them during logon and logoff though. Can you put some logging in your script and tell us what error the actions on oRegistry fail with? – Ƭᴇcʜιᴇ007 – 2014-11-08T02:13:37.390
Thanks Techie007 for your comment. Trust me I have valid reasons for wanting to modify registry from script. I have already done debugging. More importantly, I can read the HKCU hive from the shutdown, so I do not know why you would say it is not available. Indeed, I have read the value(to file), then executed the command, followed by another read to file. The second read never occurs. Likewise, err.number is not set. Yet it runs from the console. Still looking for some help! – Timbo – 2014-11-10T18:28:06.620
Techie007. I hit tab. The comment got posted. Why so rude? – Timbo – 2014-11-10T18:31:50.047
It was a sarcasm; but if you had just left it as is, you would have been about the 1,000,000th person to not answer all the questions/suggestions posed to them in a comment asking for clarification; it's quite usual unfortunately. :) – Ƭᴇcʜιᴇ007 – 2014-11-10T18:34:54.900
So can you provide any insight? I have a 1000+ line script ready to deploy if I can get this working.. – Timbo – 2014-11-10T18:40:10.780
For debugging purposes: force your currently debugged Logoff / Shutdown script to run using
wscript.exe
engine and add someWscript.Echo "something done"
in places you consider to be crucial. Also forceOn Error GoTo 0
to see possible run-time errors. – JosefZ – 2014-11-13T07:04:48.273