Re: Automated logoff using Winexit.scr
- From: "saxophobe" <saxophobe@xxxxxxxxx>
- Date: 31 Aug 2006 07:21:37 -0700
Thanks again for the quick reply!
I tried making the suggested changes, but I am still getting an error.
Here are the specifics:
New OU - New Policy
Changes made in: Computer Configuration/Windows Settings/Security
Settings/Registry
Key Added: MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\control.ini
Settings: Configure this key then Propogate inheritable permissions to
all subkeys
Permissions granted: Authenticated Users: Read/Special
Permissions(Set Value and Create Subkey) on This key and subkeys.
Error being received: "Error encountered while creating registry key.
Make sure you have Set Value and Create Subkey permissions."
If you, or anyone else, has any additional suggestions that I could
try, please let me know.
Thanks for your time!
sax
Steven L Umbach wrote:
I believe you should be able to do it via Group Policy/computer
configuration/security settings/registry. Try setting up a test OU with a
test GPO linked to it trying to accomplish that and move a couple computers
into that OU to see if it works as expected after the GP settings apply to
the computers. Keep in mind that when you change registry permissions via GP
that removing the GP will not cause the registry permissions to change back
to what they were. Also best practice is to not configure file system and
registry settings at the domain level but instead do via an OU.
Steve
"saxophobe" <saxophobe@xxxxxxxxx> wrote in message
news:1156969284.622318.277890@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Steve,
Thanks for the reply!
Actually, I've been trying to use RegDACL, but can't figure out how I
can call the executable from a script. We have about 10 DC's in our
domain, do I have to install RegDACL on ALL of them to get this to
work?
I can use RegDACL to change the security of the reg key locally, no
problem. The instructions seem to be lacking on how to make the call
from within a GPO Logon script.
If you have any ideas, please let me know.
Thanks!
sax
Steven L Umbach wrote:
The info in the link below should help.
Steve
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=1179
If a non-administrative user attemps to use the WinExit screen saver,
they
receive:
Error encountered while creating registry key. Make sure you have set
values
and create subkey permissions.To allow then to use the screen saver,
use
regedt32 to navigate to:
HKEY_Local_Machine\Software\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\Control.ini
Use Security / Permissions to click on Everyone and select Special Access
in
the Type of Access drop-down list box. Check Set Value and Create Subkey
and
click OK and OK.
You can use RegDACL to set these permissions in batch.
"saxophobe" <saxophobe@xxxxxxxxx> wrote in message
news:1156953294.383047.10510@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Ok all. I have made progress, but still don't have the desired
finished result.
Instead of deploying, which I couldn't get working using a simple .bat
file, I was able to point the Usr Config\Adm Templ\Control
Pnl\Display\Screen Saver executable name to the file on a share and it
works!
Now the only problem is when users time out after inactivity, they get
an error regarding permissions for the following reg key:
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\control.ini
Even though I add Authenticated users with the correct Special
permissions, export the .reg file to the share and have altered my .bat
file to the following single command:
Regedit.exe /s "\\server\share\file.reg"
The requisite permissions are not applying, and the user still gets the
error.
Does anyone have any ideas?
Please help if you can.
Thanks!
sax
saxophobe wrote:
Good Evening all,
I am trying to implement and automated logoff for all computers that
are not servers in our domain. I have tried creating a group policy
and linking it to a new OU called Desktops, but the policy doesn't
apply for some reason. To accomplish this I did the following:
1. Created a .bat file to download the winexit.scr screensaver file to
the C:\Windows\system32 dir from a share on the server
2. Created a custom Administrative Template to enable the settings for
the winexit.scr found here:
http://blog.case.edu/djc6/2005/03/09/automatically_log_off_users
3. Set all the settings to control the Screen Saver in the new policy,
including the ones in User Config > Administrative Templates > Control
Panel > Display
Now, I want to apply this to all desktops and laptops, even remote
ones, and not servers, but my settings don't seem to be applying, and
the .scr file is not being copied from the server, which has to happen
before some of the settings will take effect.
I have checked everything I can think of to get this to work; when I
run the .bat file on it's own, it works. I have made sure that
Authenticated Users have the Apply Group Policy permission defined.
Does this HAVE to be applied to the Default Domain Policy? If so, how
do I keep it from being applied to the servers? Do I have to apply a
WMI filter?
Any info on this would be appreciated.
Thanks to all that take the time to respond!
sax
.
- Follow-Ups:
- Re: Automated logoff using Winexit.scr
- From: saxophobe
- Re: Automated logoff using Winexit.scr
- References:
- Automated logoff using Winexit.scr
- From: saxophobe
- Re: Automated logoff using Winexit.scr
- From: saxophobe
- Re: Automated logoff using Winexit.scr
- From: Steven L Umbach
- Re: Automated logoff using Winexit.scr
- From: saxophobe
- Re: Automated logoff using Winexit.scr
- From: Steven L Umbach
- Automated logoff using Winexit.scr
- Prev by Date: Re: Folder redirection in Server 2003
- Next by Date: Computer account and group policy
- Previous by thread: Re: Automated logoff using Winexit.scr
- Next by thread: Re: Automated logoff using Winexit.scr
- Index(es):
Relevant Pages
|
