User profiles won't load reg files at logon when part of Domain Users group only

  • Question

  • Hi all, I've had this problem for quite a while. Any help would be greatly appreciated.

    I have a W2K8 domain with XP SP3 workstations. When logging on with a domain account, I have set a batch file as a logon script through AD, which, after doing its work, in turn calls a reg file.

    The batch loads fine but the reg file won't load.

    I've found that adding the user to the Domain Admins group fixes this.

    Is there any way in which this can be fixed other than having my domain users as admins (which I really don't want)? Maybe a policy setting that gives the Domain Users group permission to run scripts?

    Thanks in advance - Dave.

     

    Sunday, November 28, 2010 9:17 AM

All replies

  • You'll have to be logged in as the administrator at the console the reg file needs to be loaded onto, but you can do this by typing "mmc /a" at the cmd prompt (which will allow you to "author" the console you are about to create) and then adding the snap-ins for group policy. Right-click the snap-in after you've added it to the default console by selecting (add snap-in) from under the "file" header at the top, and you will see the options for group policy users. The templates for users, system and machine each specify the run permissions, with the system policy overriding the user accounts, but not necessarily the machine accounts. You can use the help files within the console to guide you further, but be sure to save the console by clicking the "file" header and choosing save as (the default is console1.msc).

    "http://support.microsoft.com/fixit/default.aspx ". This is MICROSOFT'S new, FREE, fully automated, anonymous support portal, which can help users resolve windows and other product issues with a few mouse clicks. BOOKMARK THIS SITE, EVERYBODY !!!
    Sunday, November 28, 2010 9:13 PM
  • Thanks for your response.

    You wouldn't know which specific policy, would you?

    - Dave.

    Monday, November 29, 2010 10:13 AM
  • Which registry keys exactly are you talking about?

    Logon scripts are processed with the current user's credentials. If your reg file is going to edit system-wide settings, that's not possible, since standard users do not have the appropriate permissions.


    MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor

    Monday, November 29, 2010 2:50 PM
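
The last reply's point, as an added example that is not part of the thread: a Python sketch that reads the section headers of a .reg file and flags the keys a standard user cannot write. The sample file, key names and the `audit_reg`/`classify` helpers are constructed for illustration, and the rule used (HKEY_CURRENT_USER is writable except its Policies subtrees, everything else needs admin rights) assumes default workstation ACLs.

```python
import re

# Constructed sample .reg content (not taken from the thread).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"Server"="fileserver01"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp]
"InstallDir"="C:\\ExampleApp"

[HKEY_CURRENT_USER\Software\Policies\ExampleApp]
"Locked"=dword:00000001

[-HKEY_CLASSES_ROOT\.example]
"""

# Section header: [HIVE\sub\key], with a leading "-" meaning "delete this key".
SECTION = re.compile(r"^\[(-?)([^\\\]]+)(?:\\(.*))?\]\s*$")

# Assumption: default ACLs, where these HKCU subtrees are admin-write only.
POLICY_ROOTS = ("software\\policies",
                "software\\microsoft\\windows\\currentversion\\policies")

def classify(hive, subkey):
    """Say whether a logon script running as a standard user can modify the key."""
    if hive.upper() != "HKEY_CURRENT_USER":
        return "needs-admin"   # HKLM, HKCR, HKU, ... are not user-writable by default
    low = subkey.lower()
    if any(low == p or low.startswith(p + "\\") for p in POLICY_ROOTS):
        return "needs-admin"
    return "user-writable"

def audit_reg(text):
    """Return (key, action, verdict) for every section header in .reg text."""
    results = []
    for line in text.splitlines():
        m = SECTION.match(line.strip())
        if not m:
            continue           # value lines, comments, blank lines, file header
        delete, hive, subkey = m.group(1), m.group(2), m.group(3) or ""
        key = hive + ("\\" + subkey if subkey else "")
        action = "delete" if delete else "write"
        results.append((key, action, classify(hive, subkey)))
    return results

if __name__ == "__main__":
    for key, action, verdict in audit_reg(SAMPLE_REG):
        print(f"{verdict:14} {action:6} {key}")
```

Sections reported as `needs-admin` are the ones to move out of the logon script, for example into a computer startup script or Group Policy setting, rather than granting users Domain Admins membership.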