Active Directory

pts.
Tags:
Active Directory
Microsoft Windows
I have a windows 2000 domain controller, and all xp clients. We have a program that requires writing to the registry when you open it. The problem is the basic end user does not have permission to write the the registry. Is there a setting that I can change in Active Directory or Group policy to allow the end user read/write capabilities?

Answer Wiki

Thanks. We'll let you know when a new response is added.

As far as I can remember the only options to modify the registry within a GPO are based upon the computer configuration which would not be of much use as you say that you need to modify the registry upon the user opening the app. You could try using the SU (Switch User) utility thats part of the windows 2000 server resource kit. Once SU installed on the XP clients you could generate a script that modifys the registry automatically, you could try using the kix scripting engine as it does have native commands that allow modification of certain areas of the registry. the SU utility can provide security to protect the password used to elevate the privileges of the logged on user.

It might also be worth you having a look at the following Microsoft article though it references NT4 it may still be effective.

http://support.microsoft.com/default.aspx?scid=kb;en-us;264584

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • PaulieEddie
    You might want to first find out what section of the registry. In general the HKLMSOFTWARE is usually pretty open. You can use the Reg Mon from the www.sysinternals.com web site to exam exactly what it is trying to write to. A lot of older applications have issues because they try to write to the HKEY_CLASSES repeatedly. This is not a good practice. As far as setting permissions on the registry from a group policy, there really isn't one. The way it is controlled is on each users system or via a default ability given to a group like Power Users.
    0 pointsBadges:
    report
  • Wizzle
    If you know the exact key that the application writes to in the registry you can set the permission on that registry key. Navigate to the registry key, Edit> Permissions. You can then add the full control option for the user so that when the application is being used it will have access to run without elevated system privileges.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following