Adding trusted site setting to all users without administrator right

system · December 3, 2011, 5:26pm

(imported topic written by SystemAdmin)

Hi All,

I need to add below registry to all non-administrator users (for adding a trusted site in internet option)

http://HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com

http://HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\trust

“http”=dword:00000002

Tried to add below command before execute the RunAsCurrentUser.exe, not working as the new privilege only applied to users after they log out and log in again.

dos net localgroup Administrators {name of logged on user} /add

Registry inserting action with the aid of RunAsCurrentUser.exe…

dos net localgroup Administrators {name of logged on user} /delete

Any suggestion / guidance will very much be appreciated.

system · December 3, 2011, 8:38pm

(imported comment written by SystemAdmin)

There are a few different ways to edit HKCU, and you do not necessarily need to use RunAsCurrentUser.exe and add admin rights to the user. In fact, I would discourage adding the user to the Admin group temporarily.

http://forum.bigfix.com/viewtopic.php?id=1909

Just note that “current user keys (logged on users) of registry” does not work in the debugger, which is a huge pain.

system · December 4, 2011, 7:58am

(imported comment written by SystemAdmin)

Just figure out I can’t import the registry when I’m in RunAsCurrentUser.exe mode is because of the “current user” doesn’t have access right to BES Client program folder. So, I copy out the .reg file to another folder where the current user able to access. It’s work!

/////////

action uses wow64 redirection false

download http://trust.example.com/internet_optionreg.tmp

continue if {(size of it = 742 AND sha1 of it = “ba69de28af654f3c13968cc9983772948c79e844”) of file “internet_optionreg.tmp” of folder “__Download”}

extract internet_optionreg.tmp

dos md c:\temp

dos copy __Download\internet_option.reg c:\temp\internet_option.reg

prefetch RunAsCurrentUser.exe sha1:ee47505ebfb2790b9da8a20ed70e67158e9753d0 size:342528 http://software.bigfix.com/download/bes/util/RunAsCurrentUser-2.0.3.1.exe

utility __Download\RunAsCurrentUser.exe

waithidden “__Download\RunAsCurrentUser.exe” --w regedit /s “C:\temp\internet_option.reg”

dos del c:\temp\internet_option.reg

dos rd c:\temp