Tuesday, May 21, 2013

Script - detect users SID and make registry changes based on it

Deploying some laptops I needed to add registry changes to the account.  Unfortunately the accounts where not domain accounts making it slightly harder.

To complicate matters registry for these particular machines is disabled by GPO and we didn't want to enable it.  Thus the user can't run the reg add themselves AND for each computer the user SID is different.

Solution was to use psgetsid to find the users sid and then add the reg keys using this from an account that has access to regedit on the machine.

Example:
For /f "delims=" %%i in ('c:\admin\psgetsid.exe usernameofaccounttochange') DO set usersid=%%i

reg add "HKU\%usersid%\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /t REG_SZ /d 460000001e00000001000000000000000000000000000000010000000000000018dc31de5756ce0100000000000000000000000000000000 /f
reg add "HKU\%usersid%\Software\Microsoft\Windows\CurrentVersion\Explorer" /v EnableAutoTray /t REG_DWORD /d 0 /f



Note:  You can also use %username% to detect the currently logged on user and retrieve sid for the script, BUT if you do this note that if UAC is enabled or prompts then the username that will return will be that of the admin account that you enter for UAC.  Which is likely not what your after.

No comments:

Post a Comment