Question How can I modify MMC with CMD?

Status
Not open for further replies.

DieKartoffel

Honorable
Mar 31, 2017
13
0
10,510
I made a post similar to this two days ago, and there's one part that I'm stuck on, but I thought it would be worth making a new thread since it seems so complex to me, and I'm sure I'll have many questions on it.

I've been trying to make a batch script that can modify the "Run only specified Windows applications" of users in MMC, but I'm not having too much luck. So far, my script can correctly find and add the program that I want to add to the allow list, but it never saves it. After much testing, I found out that it needs to be applied, and that's the part I'm not sure how to do.
To start, the registry keys that I need only show up if I have MMC open. After that, I can add the program that I want to allow to them via my script, but it never saves. Once I close MMC, the registry keys disappear as well. Basically, what I've found through manual testing is that my added programs do indeed show up in the allow list in MMC, but they don't get saved because I can't hit the "Apply" button, so once I exit, it just discards the changes. What I need is a way to make my script apply the changes before exiting MMC, and I'm hoping that will solve the issue. @Eximo recommended that I use Process Monitor to see what the apply button does, and I did try, but I've never used it before today, so I'm not sure if I'm filtering it properly or what. I can't really see anything specific that it's doing. What I think it's trying to do is to delete the RestrictRun key, recreate it, and then add all of the old allowed apps back plus the new one, but that still doesn't really help me.
If anybody knows how this can be done, I'd appreciate the help! I'm completely stuck.
You can see the old thread here if you want to use it as a reference. Thank you!
 

Ralston18

Titan
Moderator
The root issue is the requirement to modify what is considered a security measure.

Administrators have the necessary tools and permissions to make such changes.

Along with a variety of options to actually implement adding and deleting applications allowed to any given end user or group.

Starting a new thread is not necessary.

Post the above to the original post and add further comment and explanation as you deem necessary and appropriate.

This thread is being closed accordling.
 
Status
Not open for further replies.