Home / server / Questions / 86598
Accepted
djk
Asked: 2009-11-21 01:21:37 +0800 CST

Allowing users to install fonts in Windows 7 (through GPO)

  • 772

This is somewhat related to my previous question, Why do installed fonts disappear after reboot?.

Having got the font install issue sorted out under XP just fine, recently we've got a Windows 7 workstation and I've created a special GPO for it. Initially it was UAC that was demanding administrative access to C:\windows\fonts despite the fact the policy dictates that directory is writable (as is the relevant registry entries, on XP anyway). The issue now though is that when I try to copy a font or hit install it claims that the font "does not appear to be a valid font". This happens with every type of font as well.

Is there some new and special consideration when allowing these changes on Windows 7?

Any input would be appreciated.

Many thanks, Doug

windows-7

5 Answers

  1. Best Answer

    So I figured it out.

    Having looked at the Resultant Set Of Policy and seeing nothing untoward there, I checked C:\windows\security\logs\winlogon.txt

    The Windows 7 client GPO is a copy of the standard XP one that I created, and therefore had entries in it to allow domain users to edit the content of C:\windows\fonts.

    However, Windows 7 shows this in winlogon.txt:

    ----Configure File Security...

    Configure c:\windows\fonts.

    Warning 5: Access is denied.

    Error setting security on c:\windows\fonts.

    I checked the GPO and removed the settings for this directory and re-added it, which upon a GPO update and restart gave me this:

    ----Configure File Security...

    Configure c:\windows\fonts.

    Configure c:\windows\system32\fntcache.dat.

    File Security configuration was completed successfully.

    I tried adding a font and voila! Worked as intended.

    Hope this helps anyone else who may come across the same issue. No idea why re-adding the same security setting made it work but it did.

    • 2

  2. Well I can only suggest you have the UAC turned off because I have taken ownership and set the Windows 7 font directory and registry key permissions to allow users change access but the UAC keeps prompting for administrator credentials.

    • 0

  3. This error occurs because the file attribute System is checked. Checked directorys at System cannot have their permissions changed. In my case I try these following command:

    attrib -r -s %systemroot%\fonts

    To correct these error below:

    Warning 5: Access is denied.

Error setting security on c:\windows\fonts
    • 0

  4. You could try to use the Silent Install Builder from Apreltech at https://www.silentinstall.org/. This program builds MSI or EXE packages containing a font registry scripts. You could deploy Silent Install Builder's MSI through GPO.

    • 0

  5. Login with Admin account first

    1. Go to Run Command
    2. Type "regedit" click Enter
    3. Now you can see " HKEY_LOCAL_MACHINE" click and explore it
    4. next go to "SOFTWARE" then "MICROSOFT" after then "WINDOWS NT"
    5. Now you can see "Current Version" and go to "Fonts"
    6. Now you right Click on fonts
    7. go to change permissions
    8. make your local user permission for allow access..
    • -2