XP registry changes with login script



Archived from groups: microsoft.public.windowsnt.domain (More info?)

I manage 5 schools which are going to migrate from NT4 & W95 workstations to XP in NT4 domains. Currently we use Kix scripts to change registry settings during logon as part of our security. Testing this on an XP workstation shows that the hacks work for an domain admins user, but not an ordinary user. All users log on to the domain, not the workstation (with several hundred users of each workstation changes to the workstation are not practical) Also, of course, there are 180 new users every summer!!

Any ideas that I can try on the NTserver to fix this?
Thanks in anticipation



Mar 30, 2004
Archived from groups: microsoft.public.windowsnt.domain (More info?)

We use Scriptlogic in our domain and it also uses Kix scripts as one method of making registry changes. We experienced the same problem with XP and changed the scripts so that they wrote a file witht he registry changes to the Users Documents and Settings folder and then used that file as a source for the portion of the script that actually made the change to the Registry. The line in the script that actually alters the Registry must be run as admin. That is probably more confusing than I intended so here is an example of the code:

; Custom Script for modifying a registry key
; Makes the following changes to this key to eliminate default Hidden shares

; create a file with all the registry key changes you would like to make
$file =$profiledircu + "\defshare.tmp"

if not exist ($file)
$rc=open(1, $file, 5)
$rc=writeline(1, 'Windows Registry Editor Version 5.00' + $CRLF)
;change this line to the key you want to modify
$rc=writeline(1, '[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters]'+$CRLF)
;change this line to the value you want to modify
$rc=writeline(1, ' "AutoSharewks"=dword:00000000'+$CRLF)
; and so on and so forth for a second key/value pair
$rc=writeline(1, '[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters]'+$CRLF)
$rc=writeline(1, ' "AutoShareServer"=dword:00000000'+$CRLF)
$rc=slExec('regedit', '/S '+'"'+$file+'"','Admin During')
; shutdown("","System is being rebooted to enable new settings - CIT",15,1,1);
; add the contents of the file to the registry
; do this as Admin, During Login, and Hide the Output from the User

This was written to work in conjunction with the Scriptlogic application, but it should still be helpful.
You will notice a line that forces a reboot that was commented out...we decided not to use it at this time, but you may find it useful.

The following line uses a system variable to write the file, defshare.tmp, into the Documents and Settings folder (which the user will have Full Access to by default)
$file =$profiledircu + "\defshare.tmp"
This will work on NT, 2000, and XP machines, as the Variable points to the appropriate location in each OS.