cesinha87 Posted January 29, 2020 Posted January 29, 2020 So I have AutoIt installed on Windows 2016 and Windows 10 and they are both 64bit. When I run the code on the Windows Servers 2016 it works but the same code does not work on Windows 10 unless I add #RequireAdmin to the code. This script will be deployed through SCCM and must to run in the background without prompt anything Note: They Regkey will always be under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer and not Wow6432node RegWrite("HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewOnDrive", "REG_DWORD", "1") $sFilePath = RegRead("HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewOnDrive") ;MsgBox($MB_SYSTEMMODAL, "", "Program files are located at: " & $sFilePath)
Subz Posted January 29, 2020 Posted January 29, 2020 (edited) Be default the "Policies" key in HKCU requires admin privileges, suggest using Group Policy. nb: This is unrelated to 64-bit, it's a user rights issue. Edited January 29, 2020 by Subz
ViciousXUSMC Posted January 29, 2020 Posted January 29, 2020 If you run from SCCM it will execute as System, you wont have any issues. Also AutoIT might be a bit heavy handed just for a reg key, you can do that with simple .bat files as well.
Subz Posted January 29, 2020 Posted January 29, 2020 Problem running as System is it will add the key to the System accounts registry hive not the users.
ViciousXUSMC Posted January 29, 2020 Posted January 29, 2020 Yeah might need to use reg load and such to really do it proper.
cesinha87 Posted January 29, 2020 Author Posted January 29, 2020 You are right....it's using the System account. Everything works expect writing the registry, of course, if I right-click on the executable and elevated the resources then it works or add #RequireAdmin. Any way I can accomplish this silence? Any suggestions?
Subz Posted January 29, 2020 Posted January 29, 2020 System account doesn't use UAC, so you shouldn't be prompted. However as ViciousXUSMC mentioned if you want to target all user profiles, you would have to load/unload each users hive to add the key, however if you have any logged on user(s) you will need to use HKU\{Guid}\... to add the value, by using RegEnumKey
AdamUL Posted January 29, 2020 Posted January 29, 2020 Have a look at engine's HKCUReg UDF. It allow you to write to all user profiles or only certain ones. It will do the registry hive load and unload within the UDF. Adam
Subz Posted January 29, 2020 Posted January 29, 2020 Group Policy would still be the best option imho: It can be managed centrally You can apply it only to particular AD User group, for example we apply these settings to our Kiosk, Citrix and RDS users, but don't want this being applied to domain admin accounts, system account or support accounts on those systems. If those users log on to a company desktop/laptop these settings aren't applied. My 2cents AdamUL and Earthshine 2
jguinch Posted January 29, 2020 Posted January 29, 2020 Has anyone tried LGPO.EXE ? It could match with that need. BTW, as @Subz said, the best practice is to use the Group Policies from you AD. @cesinha87 , can you explain us why you can't (or don't want) to use GPO ? (if you have SCCM, you have an AD) Spoiler Network configuration UDF, _DirGetSizeByExtension, _UninstallList Firefox ConfigurationArray multi-dimensions, Printer Management UDF
cesinha87 Posted January 30, 2020 Author Posted January 30, 2020 The problem with Group Policy is that if someone steals a laptop and takes home, they won't be able to enforce the policy but they have a way to enforce through SCCM via DMZ and have the ability to trigger as soon the SCCM client connects via DMZ I did research and LGPO seems to be a way to change the local group policy. Still looking to a way to achieve this problem, I am not a AutoIT guru and I am trying to come up with a code using Registry UDF
jguinch Posted January 30, 2020 Posted January 30, 2020 (edited) If you want to use an AutoIt script through SCCM , you have to consider that : the SCCM client is executed as a service, so the UAC should'nt be a problem you'll have to apply the modifications in the registry hive of each local profile, including : logged on users : can be done directly from HKEY_USERS\S-1-5-21XXXX keys all existing local profiles (not logged on) : can, be done by loading each regitry hive with the UDF like said @AdamUL each new user profile : can be done by loading the default user's regitry hive Here is a starting point to list all local user profiles and see how you can load a registry hive: I suggest you to try the LGPO tool first, maybe it will be simpler. Edited January 30, 2020 by jguinch Spoiler Network configuration UDF, _DirGetSizeByExtension, _UninstallList Firefox ConfigurationArray multi-dimensions, Printer Management UDF
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now