Ugh... Registry keys & Login Scripts - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 06-19-2006, 05:24 PM   #1 (permalink)
True Techie
 
Join Date: Mar 2005
Posts: 188
Default Ugh... Registry keys & Login Scripts

Using NT4 domain, Win XP Clients - have login scripts that run the following command:

regedit /s \\server\netlogin\reg\ssaver.reg

ssaver.reg has the following:

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"PowerOffActive"="1"
"PowerOffTimeOut"="1200"
"ScreenSaveActive"="1"
"ScreenSaverIsSecure"="1"
"ScreenSaveTimeOut"="300"
"SCRNSAVE.EXE"="logon.scr"

[HEKY_USERS\.DEFAULT\Control Panel\PowerCfg]
"CurrentPowerPolicy"="0"


Pretty much this enables the screen saver at the logon screen and allows the monitor to power off as well.

The script runs - but the keys in the registry don't change! Happens on all systems even with admin rights.

I have other registry items i've created and they seem to work just fine.

Any ideas as to what i'm doing wrong?
__________________

htcs is offline  
Old 06-19-2006, 06:32 PM   #2 (permalink)
Super Techie
 
Join Date: Dec 2004
Posts: 319
Send a message via AIM to evelmunkey
Default

I will look at some login scripts when I get home.
__________________

__________________
evelmunkey is offline  
Old 06-19-2006, 10:20 PM   #3 (permalink)
Super Techie
 
Join Date: Dec 2004
Posts: 319
Send a message via AIM to evelmunkey
Default

Seems like the script would work, as far as I can tell everything is correct. I would double check that you can access that path from that box with the desired user. When you say the user has admin rights, is that admin of that machine or network admin rights? My guess is the user doesnt have access to the folder that script is in. Try putting some checks in there to see how far it is getting. For example, if you have a bat file that calls this file put in a pause before this reg file is called and then take off the /s so you can see it run and maybe put a pause after. Let me know more info...
__________________
evelmunkey is offline  
Old 06-20-2006, 10:42 AM   #4 (permalink)
True Techie
 
Join Date: Mar 2005
Posts: 188
Default

The script files is running - when i have regedit open and run the script from the command prompt manually, i can see the regedit window 'refresh' and if i change the values of other reg tweaks, i can see the values change once the script is run. Its only this specific one that just won't do it!!!

The users have admin rights on their local machines. These scripts are done so that its as if the user is running the programs directly from their machines - not the server.

Thinking more about this... this isn't really a script problem since that is running. Its the fact that the reg file will not add its values into the registry for that particular key(s).

I can't seem to think of any other information you would need... if you know of something that you would need to know that i don't right now... let me know so i can find out and let you know what else you needed to know! AIR!!! :amazed:
(first day off cigarettes... kinda don't know what i'm talking about ).


Really appreciate your interest in helping! Thanks in advance.
htcs is offline  
Old 06-21-2006, 11:54 AM   #5 (permalink)
Super Techie
 
Join Date: Dec 2004
Posts: 319
Send a message via AIM to evelmunkey
Default

I have been reading some info on this subject and it seems that windows update made it so this can not happen. It appears that an attack could be launched by allowing a script to change these settings. Something along the lines oh launching cmd.exe as the screen saver (login.scr) and since the screen saver laucnches as a system process the attacker would have "admin rights" will in the command propmt. Havent confirmed that via a reliable source but I am still looking into as to why this isnt working.
__________________
evelmunkey is offline  
Old 06-21-2006, 12:02 PM   #6 (permalink)
Super Techie
 
Join Date: Dec 2004
Posts: 319
Send a message via AIM to evelmunkey
Default

Try altering the same settings under this instead.....

[HKEY_CURRENT_USER\Control Panel\Desktop]

I know that it shouldnt make a difference but just to test.

Also, this key may not exist on XP. I am at work and this machine is locked down like fort knox so I cant verify. I am just going by what I read.
__________________
evelmunkey is offline  
Old 06-21-2006, 04:15 PM   #7 (permalink)
True Techie
 
Join Date: Mar 2005
Posts: 188
Talking

Ah, thanks for that.

I changed the keys in \HKEY_CURRENT_USER\Control Panel\Desktop and it seems to have successfully entered ok. I verified by looking at the screen saver time out, monitor power off time and password protection on screen saver. They were all modified to what was specified in the reg. file.


Thanks... this may not work for the login screen, but it works while they're logged on!

Thanks again.
htcs is offline  
Old 06-21-2006, 05:00 PM   #8 (permalink)
Super Techie
 
Join Date: Dec 2004
Posts: 319
Send a message via AIM to evelmunkey
Default

IF that worked, I am confident in saying that the other way was most like disabled due to the attack I mentioned earlier.
__________________
evelmunkey is offline  
Old 07-04-2006, 01:41 PM   #9 (permalink)
True Techie
 
Join Date: Mar 2005
Posts: 188
Default

Thanks for the help - thanks to your suggestion i've been able to change many other options this way. You ROCK!
__________________

htcs is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 08:40 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.