#1 08 Oct 2019 16:43

sjf2
Member
Registered: 06 Jan 2019
Posts: 4

Using REG.EXE as Admin does not (always) change settings for users

I am stumped with the way REG.EXE updates the Registry in Windows 10.  This may go beyond Windows 10 but I haven't checked it on Windows 7 yet.
I have a .CMD script in which I try to change several Registry settings to "personalize" new user installs.  I have found (and rightly so) that many of the changes I want to perform require my script to be "Run as Administrator" or executed when Administrator is logged-on.  However, some of the REG.EXE Query(s) or Add(s) do not get applied to regular users when REG.EXE is running as Administrator.
Here is what I'm trying to do in my script, running as admin:

:: Get value of a very simple key and set a variable, "ReturnValue", with what I believed to be the setting for all existing users:
:: (First, example of just simple REG.EXE Query which just produces text output of KEY/Value in question):

REG Query "HKEY_CURRENT_USER\Control Panel\Desktop" /v "PaintDesktopVersion"


:: Same REG.EXE command in FOR statement in order to set variable

for /f "tokens=3" %%a in ('REG Query "HKEY_CURRENT_USER\Control Panel\Desktop" /v "PaintDesktopVersion" 2^>nul ^| find /i "PaintDesktopVersion"') do SET ReturnValue=%%a
:: The result is ReturnValue equal to 0x0 or 0x1.


:: REG.EXE Add command to set the KEY/Value to 1

REG Add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "PaintDesktopVersion" /t REG_DWORD /d 1 /f 2>&1 | find /i "error" & if !errorlevel! equ 0 goto :ERROR1

The "problem" I'm seeing is that the result of my REG.EXE commands do not follow the REGEDIT display of the same Key.
If I do a Query, I do not get the value of "HKEY_CURRENT_USER\Control Panel\Desktop\"PaintDesktopVersion"
If I do and Add, "HKEY_CURRENT_USER\Control Panel\Desktop\"PaintDesktopVersion" does not get updated.

What I have discovered is that the similarly-named key "HKEY_USERS\S-1-5-21-1677918277-1039386693-1149237512-500\Control Panel\Desktop\PaintDesktopVersion" gets Queried and Updated.
I believe that the fact that I do "Run as Administrator" is yielding results from the HKEY_USERS hive for Administrator.
I also believe that I must run my script as Administrator and in doing so, I cannot update the "PaintDesktopVersion" for the current user (new user) that I am logged-in as.

What do I need to do in my script to be able to change Registry settings for the regular user when I execute it as Administrator??

Offline

#2 10 Oct 2019 00:17

Simon Sheppard
Super Administrator
Registered: 27 Aug 2005
Posts: 1,037
Website

Re: Using REG.EXE as Admin does not (always) change settings for users

When you 'Run As Administrator' there are two possibilities:

If the initial user account has Administrator rights on the local machine, you will get an elevation prompt and then a new process/session will start with an elevation token set.
If the initial user account does NOT have Administrator rights on the local machine, you will get an elevation prompt for credentials: entering a different user account/password will then start a new process/session under that account.

Assuming you are doing the second option, then what you describe is exactly what I'd expect to happen.

Offline

#3 14 Oct 2019 18:08

sjf2
Member
Registered: 06 Jan 2019
Posts: 4

Re: Using REG.EXE as Admin does not (always) change settings for users

Thanks for the answer, Simon...
If I follow you, a normal user with no admin rights - call him USER - and the Administrator (or USER elevated) are reading the registry keys from different places?
So, how do I query or set "HKEY_CURRENT_USER\Control Panel\Desktop\PaintDesktopVersion" for USER (and all other non-admin users)? 
Unfortunately, I have to run my script elevated, in some way, to make changes to many of the values I want to change.
From what you are telling me, in that scenario, I can't make changes to the keys/values for USER.  Is that correct?
If so, how is it done?

Offline

#4 23 Oct 2019 15:07

bluesxman
Member
From: UK
Registered: 29 Dec 2006
Posts: 1,095

Re: Using REG.EXE as Admin does not (always) change settings for users

You could try using a tool like psgetsid to get the users SID and then write directly to the appropropriate HKEY_USER subkey, rather than relying on HKEY_CURRENT_USER context.


cmd | *sh | Ruby | Chef

Offline

Board footer

Powered by FluxBB