locked
Registry editing has been disabled by your Administrator RRS feed

  • Question

  • Win7 Enterprise edition.  
    64Bit.  
    In a workgroup setting.
    Logged in as local ADMIN.

    GPO SETTING  -  USER CONFIGURATION/Administrative Templates/System - Prevent Access to Registry Editing Tools
    Prevent Access to the Registry is ENABLED
    Disable regedit from running silently?  Is set to NO.

    I have a batch file that looks like this below. It is a tool that we use to support the NBC software in use in over a 1000 computers some on a domain some off.
    ----------------------------------------------------------------------------------------------------------------------------------------------

    @echo off

    cls
    echo NBC values:
    REM  note: "findstr ." removes blank lines
    REG QUERY "HKLM\System\NBC\Software\CurrentConfig" /s | find /v "REG.EXE" | findstr .

    echo Done.
    pause

    -----------------------------------------------------------------------------------------------------------------------------------------------

    This BAT file worked without any issues in XP using the settings at the top BUT in Win7 I receive the message "Registry editing has been disabled by your Administrator" message.

    By setting the GPO setting to "Not Configured" the BAT file works but we do not want to give users any access to the Registry.

    Why does the /s setting not work in Win7 but works in XP?

    Monday, February 24, 2014 5:22 PM

Answers

  • Hi,

    I think I confused Computer Configuration with User Configuration in XP, so yes, this policy does exist in Windows XP, sorry for my negligence.

     

    And I am still confused with the silent switch you mentioned, do you mean the /s in the following command

    REG QUERY "HKLM\System\NBC\Software\CurrentConfig" /s | find /v "REG.EXE" | findstr .

    It doesn’t mean a silent switch but  specifies to query subkeys

    /s

    -------Specifies to query all subkeys and value names recursively.

    You can find detailed information in this link:

    Reg query

    http://technet.microsoft.com/en-us/library/cc742028.aspx

    To silently run the .reg file (with the /s switch) from a login script batch file, use the following syntax:

    regedit.exe /s path of .reg file

    so I suggest you re-edit the bat file use the above syntax for a test.

    Regards


    Yolanda Zhu
    TechNet Community Support

    • Marked as answer by BG_CSD Thursday, February 27, 2014 3:08 PM
    Wednesday, February 26, 2014 2:00 AM

All replies

  • Hi,

    As a workaround, you can use the runas command to use another user to launch the bat file

    Runas

    http://technet.microsoft.com/en-us/library/cc771525.aspx


    Yolanda Zhu
    TechNet Community Support


    • Edited by Yolanda Zhu Wednesday, February 26, 2014 2:03 AM wrong information in the original reply
    Tuesday, February 25, 2014 8:25 AM
  • This is what I have in our current XP machines:

    And this is what I have with our current Win7 Image:

    I noticed that the verbiage is different.  "Disable the command prompt script processing also?" versus "Disable regedit from running silently"

    So this is where I am confused. Yes prevent access to registry editing tools BUT should Disable regedit from running silently, set to NO, allow regedit.exe to run just using the silent switch???

    Thanks.

    Tuesday, February 25, 2014 4:37 PM
  • Hi,

    I think I confused Computer Configuration with User Configuration in XP, so yes, this policy does exist in Windows XP, sorry for my negligence.

     

    And I am still confused with the silent switch you mentioned, do you mean the /s in the following command

    REG QUERY "HKLM\System\NBC\Software\CurrentConfig" /s | find /v "REG.EXE" | findstr .

    It doesn’t mean a silent switch but  specifies to query subkeys

    /s

    -------Specifies to query all subkeys and value names recursively.

    You can find detailed information in this link:

    Reg query

    http://technet.microsoft.com/en-us/library/cc742028.aspx

    To silently run the .reg file (with the /s switch) from a login script batch file, use the following syntax:

    regedit.exe /s path of .reg file

    so I suggest you re-edit the bat file use the above syntax for a test.

    Regards


    Yolanda Zhu
    TechNet Community Support

    • Marked as answer by BG_CSD Thursday, February 27, 2014 3:08 PM
    Wednesday, February 26, 2014 2:00 AM