adding registry key for Windows local SYSTEM user - windows

I am somewhat new to Registry Keys in Windows. What I want to do is add a registry key ONCE that will take effect on the local SYSTEM user (for as long as my program is installed). This registry key will need to be added through a batch file while logged on as a regular user (not the SYSTEM user). What I am doing exactly is running a batch script that creates a Windows service. This service is running as the local system user. The service is trying to do something that requires a registry key to be set. I tried manually setting the registry key in HKEY_LOCAL_MACHINE but I am still hitting the roadblock when my service is run. Is this the correct place to change registry keys so that the local system account will see them? Any knowledge on the subject would be greatly appreciated!

Related

How to read HKCU Registry key of another user in admin on PowerShell?

I have a PowerShell script that runs automatically thanks to the Task Scheduler, and its purpose is to take the versions of all the software on the system in order to make a list and to quickly have an overview of the versions that are outdated. The problem is that in order for it to run at any time, the script is assigned to the SYSTEM user. However, some applications are only assigned to one user and SYSTEM cannot find them in its HKCU key.
So the question is, how can I list all the content?
Thanks in advance
You will need to load their hive first:
REG LOAD HKEY_Users\johnshive "C:\Users\john\NTUSER.DAT"
You can then address their hive via PowerShell, e.g.:
Get-ChildItem -Path Registry::HKEY_USERS\johnshive
If the person is logged on, you have to go into HKU and find all registry keys that end in "_Classes". Then remove the "_Classes" from the end of those keys and that is the list of possible keys that belong to the user. If there is only one, and you know the person is logged on, then that is probably their key. But if there is more than one, then you have mostly empty ghost copy/copies where Windows failed to fully unload it. Afaik, the ghost copies will not have the subkey "Volatile Environment" with the value "USERNAME", but I have a suspicion that this isn't a true statement. I've had PsLoggedon.exe report two users logged on, but only later did I learn PsLoggedon.exe uses HKU to find who is logged on (not sure what subkeys and values it uses).
But if the user is not logged on, don't even go down that road unless you are a very detail-oriented person. If you load their registry hive, do your work, and forget to unload their registry hive, you will lock their registry hive file, Windows will think the profile is corrupt, build a new user profile, user will log in finding Documents folder empty and think their files are gone. I did a lot of experiments injecting mapped network drives into registry hive files of test users before I ever did that on an actual user profile.
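
The load, read, unload sequence from the answers above, written so that the unload runs even when the read fails. This is an added example, not code from either post; it assumes the script runs elevated, it uses the ProfileList key (not mentioned in the posts) to map SIDs to profile folders, and the mount name Inv_<SID> is made up here.

```powershell
# Added example. Run elevated (for instance as SYSTEM from a scheduled task).
# 'Inv_<SID>' is a temporary mount name made up for this sketch.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$uninstall   = 'Software\Microsoft\Windows\CurrentVersion\Uninstall'

function Get-PerUserSoftware {
    foreach ($entry in Get-ChildItem $profileList) {
        $sid = $entry.PSChildName
        if ($sid -notmatch '^S-1-5-21-') { continue }      # skip SYSTEM and service SIDs
        $hiveFile = Join-Path (Get-ItemProperty $entry.PSPath).ProfileImagePath 'NTUSER.DAT'

        $mount = $null
        if (Test-Path "Registry::HKEY_USERS\$sid") {
            $root = "Registry::HKEY_USERS\$sid"             # logged on: hive is already mounted
        } elseif ([System.IO.File]::Exists($hiveFile)) {
            $mount = "Inv_$sid"
            & reg.exe load "HKU\$mount" $hiveFile 2>&1 | Out-Null
            if ($LASTEXITCODE -ne 0) { Write-Warning "Could not load $hiveFile"; continue }
            $root = "Registry::HKEY_USERS\$mount"
        } else { continue }

        try {
            $key = "$root\$uninstall"
            if (Test-Path $key) {
                foreach ($sub in Get-ChildItem $key) {
                    $v = Get-ItemProperty $sub.PSPath
                    $sub.Close()                            # release the handle right away
                    if ($v.DisplayName) {
                        [pscustomobject]@{ Sid = $sid; Name = $v.DisplayName; Version = $v.DisplayVersion }
                    }
                }
            }
        } finally {
            if ($mount) {
                # Open handles make 'reg unload' fail, so drop stale references first.
                [gc]::Collect(); [gc]::WaitForPendingFinalizers()
                & reg.exe unload "HKU\$mount" 2>&1 | Out-Null
                if ($LASTEXITCODE -ne 0) { Write-Warning "HKU\$mount is still loaded; unload it before the user logs on" }
            }
        }
    }
}

Get-PerUserSoftware | Sort-Object Sid, Name | Format-Table -AutoSize
```

Hives that are already mounted under the user's SID are read in place and never unloaded by the script; only hives it loaded itself are unloaded.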

How to detect Active Setup in MSI

I have an MSI installation package that is installed as SYSTEM user and adds an active setup entry to the registry. This setup makes sure that when a new user (new = that has not executed this setup until now) is logging on, msiexec adds all missing registry entries.
In the MSIEXEC I need to do a net use to mount the user's home directory. This cannot be done as system user and needs to be done in the user context.
However I seem to be completely unable to detect that the setup is currently running in the user context. That's why I thought it would be nice to give additional parameters to the StubPath in the active setup entry. I tried NETUSE=1. This however did nothing. The setup just ignored this parameter and uses the parameter given during installation. So NETUSE stays 0.
Any ideas what kind of condition I could use for my custom net-use action?
Why is an MSI mounting a user's home directory? I would write a small utility to do all this work and just have the MSI put it in the Run registry key. Install once per machine as System and then when the user logs in the utility gets called and does whatever per-user work you need to have done.
If the installer legitimately needs to populate per user registry data then that is fine to continue the active setup pattern.
You can try to use your own custom action configured to run only when the LogonUser property is different than SYSTEM.

Windows 7 User Log off scripts - Keys getting deleted after reboot

I am trying to create a user log off script by adding a registry entry under HKCU\Software\Microsoft\Windows\CurrentVersion\GroupPolicy\Scripts\Logoff.
After I install the MSI I built, the registry keys are set properly. Once the installation ends, the system is rebooting and I see that the keys are deleted.
What could be going wrong?
That key is owned by group policy. Anything you change there will be changed back by group policy on the next refresh. You shouldn't store anything in the Group Policies manually or via your program to the registry. If you add the key via group policy, it will stay.

Write to HKEY_LOCAL_MACHINE on Windows 7 without Administrator privileges

First of all, I realize this is a messy situation, but it's not of my design, and I'm just trying to help, and for that I need your help.
App A is getting installed automatically via SMS installer under the Administrator account, not the PC owner's User account. App A has a registry key defined in HKEY_LOCAL_MACHINE hive.
After App A is installed, we want to edit the above mentioned registry key, to assign the User's C:\Users\USER_ID\Documents\ folder (I'm told we don't know who the user is and don't have access to USER_ID during step 1).
I know all about UAC, Application Manifest, and requestedExecutionLevel. However, I'm told we can't expect that all users will be in the Administrators group on their machine.
Solution must be backwards compatible with Windows XP as well.
I'm searching for options to get 'C:\Users\USER_ID\Documents\' into the 'HKEY_LOCAL_MACHINE' hive under the above listed conditions.
I found this thread that might be related to a similar situation, but I don't fully understand it yet (so I will give credit to anyone that explains it better):
Find out (read) logged in user in a cmd started as a different user
I also read something that rules out ClickOnce:
Clickonce + HKEY_LOCAL_MACHINE
After App A is installed with admin privileges you are trying to run an additional script as the local user who does not have admin privileges. In order for your secondary script to write to the local machine key it will have to be run with administrative privileges, period. That said, you have basically two choices:
1) Use the RunAs command to run the script with elevated privileges and have the user type in an admin username and password to run the script with elevated privileges.
2) This is the better way imo - Since SMS is being leveraged as the delivery tool, use its capability to detect and use local client configuration settings to write the key at the time of installation.
So basically the SMS package would have to be set up to run only when the local user logs on one time so that SMS can grab the current user and write it to a file somewhere. After that is completed SMS can run a separate package as the admin (user will get prompted) to do the software install looking for the file containing the user and then consequently updating the local machine key to the correct user's My Documents path.
Enjoy!

How to make an application GPO aware?

I'm writing an application in Delphi 2010, and I'd like to provide the option to the administrator to configure it via Group Policy. Any recommendations on good ways to make my application GPO aware? Note, I am only looking to create a computer based GPO, not user.
My current solution involves simply first determining if any values have been written to the registry at HKLM\software\policies\MyProgram. If they have, I assume that GPO has been applied and I use this location to read configuration.
If nothing exists at the above registry location, I proceed to reading configuration at the standard location, whether that's an INI file, or another reg key does not matter. At this point, I make the assumption in the program that group policies are not being used.
Would anyone suggest a better way to make this application GPO aware?
It's not that you have to be group policy aware, it's that the group policy has to be aware of the registry keys your program uses.
The purpose of custom Group Policy Templates is to have a user-interface for managing a custom set of registry keys used by a particular program. The domain administrator sets the policy to the desired values, and the policy is pushed out to machines on the domain.
In your case, the custom policy template will define the corresponding HKLM registry keys that your program uses. You can now trust that the values stored in:
HKLM\Software\MickSoftware\My Program 2010
are what the administrator has desired be there.
Note: The following "policy" registry locations are non-persistent:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
HKEY_CURRENT_USER\SOFTWARE\Policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
"This means that when you log off the computer or when you shut down the computer, the policy settings are removed."
So it seems to me you want to store your registry values where you normally store them, e.g.:
HKLM\Software\Avatar Software Creations\HelpDesk\DatabaseServer
ServerName: REG_SZ = "lithium"
UserID: REG_SZ = "helpdesk"
Password: REG_SZ = "aSBsb3ZlIHlvdSBLaXJzdGVuIFNoZWxieSBHdXllcg=="
