Home / server / Questions / 281502
In Process
Jim
Asked: 2011-06-18 05:18:12 +0800 CST

How can I script an HKCU setting for a handful of users on a specific server who don't have profiles?

  • 772

Here's what I would do manually:

  1. Log onto a server with Account1 to create its Windows profile.
  2. Start Internet Explorer. Click Tools > Internet Options > Advanced > Uncheck "Check for publisher's certificate revocation" and click OK. This updates "HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State".

I'd like to somehow automate the above process so that I don't have to login to the servers, but still apply the setting to all users. (Using a GPO would work, but isn't an option.)

  • Is there a way to simulate a user login and set their HKCU value?
  • Is there a way to at least automatically log somebody onto a server and set the vlaue?
windows scripting login automation windows-registry

2 Answers

  1. You will want to use reg load to edit the default ntuser.dat which will then propagate to all newly created profiles.

    Example:

    @echo off
SET Counter=0
SET LogFile=%windir%\temp\Reg.log
echo. > %LogFile%

:LoadRegHive
SET /A Counter += 1
sleep 5
REG LOAD HKU\ChangeMe "c:\Documents and Settings\Default User\NTUSER.DAT"
IF /I %Counter% GEQ 10 GOTO RegLoadError
IF ERRORLEVEL 0 IF NOT ERRORLEVEL 1 (SET Counter=0 && GOTO ChangeKeys) ELSE (GOTO LoadRegHive)

:ChangeKeys
REG ADD "HKEY_USERS\ChangeMe\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v "My Pictures" /t REG_EXPAND_SZ /d "%%SystemDrive%%\My Documents\My Pictures" /f
IF ERRORLEVEL 0 IF NOT ERRORLEVEL 1 (echo "Successfully changed My Pictures network reference" >> %LogFile%) ELSE (echo "Error changing My Pictures network reference" >> %LogFile%)

REG ADD "HKEY_USERS\ChangeMe\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v "My Music" /t REG_EXPAND_SZ /d "%%SystemDrive%%\My Documents\My Music" /f
IF ERRORLEVEL 0 IF NOT ERRORLEVEL 1 (echo "Successfully changed My Music network reference" >> %LogFile%) ELSE (echo "Error changing My Music network reference" >> %LogFile%)

REG ADD "HKEY_USERS\ChangeMe\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v "Personal" /t REG_EXPAND_SZ /d "%%SystemDrive%%\My Documents" /f
IF ERRORLEVEL 0 IF NOT ERRORLEVEL 1 (echo "Successfully changed Personal network reference" >> %LogFile%) ELSE (echo "Error changing My Music network reference" >> %LogFile%)

REG UNLOAD HKU\ChangeMe

GOTO End

:RegLoadError
echo "Error loading the registry hive after 10 tries." >> %LogFile%
GOTO END

:End
EXIT
    • 2

  2. It sounds like it would be fairly trivial to apply a logon script on the server in the local GPO that makes the change you want. When users logon the change happens.

    In the case of the Terminal Server computer being a member of a domain I'd use loopback policy processing to assign the logon script.

    In the script I'd just check to see that the user was one of the "handful" before applying the setting.

    • 1