General discussion

Locked

1500 POINTS!!!! POLICY HELP NEEDED!

By gw4goofy ·
I need to create a policy to restrict users from installing any software "of course there are exceptions" these users run a custom app that the DBA modifies regularly by sending users an update.reg file with the registry keys they need to run. Theyjust double click the new .reg file to merge the settings into their local registry.

We have already create the restricion policy that stops software installs. It worked now we have added the policy entries to enable edit of registry, added regedit.exe and regedit32.exe to programs they can run but they get a generic policy restriction when the run the new reg key updates.

What other settings do we need in the policy to allow them the abilty to merge new registry keys? Is there anothersolution I'm overlooking? We don't want to run a remote regedit on 40 or so machines...

I hope the question now gives enough information that the masses of Tech Guru's out there can come up with a solution.

I'll bet 1500 points on it..
Are there specific restrictions to allow them to modify only a certain key?

This conversation is currently closed to new comments.

21 total posts (Page 1 of 3)   01 | 02 | 03   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

1500 POINTS!!!! POLICY HELP NEEDED!

by fenaikh In reply to 1500 POINTS!!!! POLICY HE ...

Hi

pls read this article which disable regedit.exe and regedit32.exe,but let you run
xxxx.reg files.
Note: pls download unlock.reg first before you apply any thing.

good luck
mohamed

Disable Registry Editing Tools (All Versions) Popular
Category: Security > System
This setting disables the ability to run the registry editing tools Regedit.exe or Regedt32.exe interactively.


http://www.winguides.com/registry/display.php/190/

Collapse -

1500 POINTS!!!! POLICY HELP NEEDED!

by gw4goofy In reply to 1500 POINTS!!!! POLICY HE ...

The question was auto-closed by TechRepublic

Collapse -

1500 POINTS!!!! POLICY HELP NEEDED!

by t.kotoulas In reply to 1500 POINTS!!!! POLICY HE ...

If your PCs have no local admins with the user account of the person that runs the script, then once they run it regardless of enabling via policy the regedit.exe, the changes are going to be written to the registry, but to the local registry cache.At logoff-logon the changes are going to withdraw. If you make as local admin an account hidden to the common users and run the script with its logon, then regardless of the policy of registry tools the script shall run fine.

Collapse -

1500 POINTS!!!! POLICY HELP NEEDED!

by gw4goofy In reply to 1500 POINTS!!!! POLICY HE ...

The question was auto-closed by TechRepublic

Collapse -

1500 POINTS!!!! POLICY HELP NEEDED!

by shmaltz In reply to 1500 POINTS!!!! POLICY HE ...

If you run winnt the user will need at least power user role to update the registry

Collapse -

1500 POINTS!!!! POLICY HELP NEEDED!

by gw4goofy In reply to 1500 POINTS!!!! POLICY HE ...

The question was auto-closed by TechRepublic

Collapse -

1500 POINTS!!!! POLICY HELP NEEDED!

by iddy In reply to 1500 POINTS!!!! POLICY HE ...

I am almost certain that the user will have to be configured as a poweruser or above for this to work, as the user account still has limitations even if the policy says they can can access the registry.

Collapse -

1500 POINTS!!!! POLICY HELP NEEDED!

by gw4goofy In reply to 1500 POINTS!!!! POLICY HE ...

The question was auto-closed by TechRepublic

Collapse -

1500 POINTS!!!! POLICY HELP NEEDED!

by Mackem In reply to 1500 POINTS!!!! POLICY HE ...

Create a new User ro group giving power user or administrator rights, then disable this account using time limits. Only enable the account when user needs to update reg, but still use time restrictions to force user to log off and log back on as regular user. You could also change the password for this account after use to make sure the user cannot get by the time restrictions. I would also audit this user to make sure that only correct procedures were carried out during logons.
Best of Luck

Collapse -

1500 POINTS!!!! POLICY HELP NEEDED!

by gw4goofy In reply to 1500 POINTS!!!! POLICY HE ...

The question was auto-closed by TechRepublic

Back to Windows Forum
21 total posts (Page 1 of 3)   01 | 02 | 03   Next

Related Discussions

Related Forums