We have need to modify a registry key in the HKCU branch to solve a slight issue between two programs on some client machines. The issue is that these users do not have Admin access on their machines and cannot modify the registry due to restrictions. Obviously because BigFix runs as SYSTEM a simple reg file won’t work (it will modify the wrong HKCU).
I’ve already read the
pinned topic in this forum
but it did not work (I tried the same test script as posted there). In fact I even tried to run the same command BigFix would through a Cmd prompt with no success (i.e. +RunAsCurrentUser-2.0.exe regedit /s bigfix_test.reg+).
Any ideas? For reference I tested this on my own machine while logged in under “user” status with XP Pro SP3.
Rather than writing to “HKCU”, I prefer to write to “HKU” since SYSTEM has access to it. The trick is finding out the SID of the user so you can modify the proper user. From looking at the inspectors file, it looks like this should be as simple as “sid of current user”, but that doesn’t work. This is the simplest method I have worked out:
component string of sid of security account (“DOMAIN” & name of current user)
Fill in domain with whatever your domain name is, or eliminate it if these are stand alone machines. Unfortunately the current user inspector does not return domain name, so it is necessary to put it in there. In action script I typically write the sid out to a variable to keep the regset lines from being too long. Here is a bogus example:
parameter "sid" = "{component string of sid of security account ("DOMAIN\" & name of current user)}"
regset "[HKEY_USERS\{parameter "sid"}\Software\Microsoft\Windows\CurrentVersion\Run]" "test"="c:\\test\\test.exe"
Thanks! That worked in the test cases I setup on my own machine. I will report back if it did what we needed, but it looks like it should be fine for the small tweak we need to implement.
Sorry for the delay in getting back. I received word that the method described above worked fine. I’m sure we’ll be making use of it in the future as well.