none
ERROR: registry editing has been disabled by your administrator

    Question

  • Hi,

    I tryed to run CMD script on windows 7 domain computer from domain limited user account and got the error: registry editing has been disabled by your administrator, I chacked GPO and it is:

    Prevent access to registry editing tools
    Disable regedit from running silently? NO
    Setting - enabled,

    Why I can't run the scripts?

    thanks,
    aurimas

    • Edited by pikul Tuesday, August 17, 2010 1:16 PM
    Tuesday, August 17, 2010 12:38 PM

Answers

  • That's why I suggested that you should create that .REG file with a logon script rather than have it statically with the variables. Write a script that would push the lines into a custom .REG file and let the regedit command apply it - that should work. By the time the script executes, it substitutes %username% with the actual logon name of the user before pushing the information to the .REG file.

    Let me say that again: that's not a too good solution. You'd be doing much easier looking at GP Preferences, if you have the chance.

    Cheers,

    Florian


    Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog)
    • Marked as answer by pikul Wednesday, August 18, 2010 9:39 AM
    Wednesday, August 18, 2010 8:40 AM

All replies

  • Hi,

    pleaes have alook at the following KB and see if it applies to your situation:

    http://support.microsoft.com/kb/831787

    hope this helps,

    Gunter

    Tuesday, August 17, 2010 1:11 PM
  • Hi, Gunter,

    this applys to windows xp, our domain environment is windows 2008 dcs and windows 7. But i am not able to run script in regular users to change users registry.

    aurimas

    Tuesday, August 17, 2010 1:15 PM
  • Hi,

     

    If you enabled "Prevent access to registry editing tools" and clicked No in the "Disable regedit from running silently?" box, the script file need to use the "regedit.exe /s" silent switch. Please double check if your script uses this switch.

     

    Regards,

    Bruce

    Wednesday, August 18, 2010 5:24 AM
  • my script is:

    Reg Add HKCU\Software\Microsoft\Office\Common\UserInfo /v UserName /d "%username%" /f
    Reg Add HKCU\Software\Microsoft\Office\Common\UserInfo /v UserInitials /d %username:~0,2% /f

    how to enable it to run with regular user's rights?

    thanks
    aurimas

    Wednesday, August 18, 2010 6:08 AM
  • Are these changes in an example registry on a machine? If so, can you export those two registry and use that as a template to see what a sample REG file for importing looks like. It should look somewhat similar to this:

    [HKEY_CLASSES_ROOT\.3gp]
    @="QuickTime.3gp"
    "Content Type"="video/3gpp"

    "Content Type" is what UserName and UserInitials is for you, "video/3gpp" is the %username%. So now you could create your own registry script file, in a user script:

    echo [HKCU\Software\Microsoft\Office\Common\UserInfo] > myReg.reg

    echo "UserName" = "%username%" > myReg.reg

    echo "UserInitials" = "%username:~0,2% /f" > myReg.reg

    After that, you can call regedit.exe to import that .REG file for the user:

    regedit myReg.reg

     

    A better yet solution would be using GP Preferences. They have a Registry extension you can use to easily populate registry keys, even with variables. I'd strongly encourage you to look into that.

    Cheers,

    Florian


    Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog)
    Wednesday, August 18, 2010 6:22 AM
  • so the script myReg.reg will be:

    ------------------------------
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Office\Common\UserInfo]

    "UserName" = %username%
    "UserInitials" = %username:~0,2%
    -------------------------------

    and I will run it with run.bat scritp:

    regedit /s myReg.reg  ?

    thanks
    aurimas

    Wednesday, August 18, 2010 8:06 AM
  • Yeah, that should work - assuming you have that registry export saved as myReg.reg and saved somewhere the client can access it during user logon.

     

    Cheers,

    Florian


    Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog)
    Wednesday, August 18, 2010 8:14 AM
  • just checked, looks like reg file doesn't like: %username% ,  %username:~0,2%. If I add quotes "%username:~0,2%" registry is updated just with  %username:~0,2% value. No user name is entered to the registry.

    thanks
    aurimas

    Wednesday, August 18, 2010 8:22 AM
  • That's why I suggested that you should create that .REG file with a logon script rather than have it statically with the variables. Write a script that would push the lines into a custom .REG file and let the regedit command apply it - that should work. By the time the script executes, it substitutes %username% with the actual logon name of the user before pushing the information to the .REG file.

    Let me say that again: that's not a too good solution. You'd be doing much easier looking at GP Preferences, if you have the chance.

    Cheers,

    Florian


    Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog)
    • Marked as answer by pikul Wednesday, August 18, 2010 9:39 AM
    Wednesday, August 18, 2010 8:40 AM
  • ok I created GP reference and it works. But variable %username% does not working in GP reference.

    thanks
    aurimas

    Wednesday, August 18, 2010 9:29 AM
  • it works

    thanks guys
    aurimas

    Wednesday, August 18, 2010 9:39 AM
  • Cool, thanks for the feedback!
    Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog)
    Wednesday, August 18, 2010 10:08 AM