Installing registry “fix” at logon (AD)

[Spider]

Im trying to distribute a registry fix to all users in a W2003 AD environment. The fix is a HKCU change, is held in a .reg file at the moment, works correctly when run manually on a users PC. But rather than going toe ach machine I wanted to distribute it via group policy.
I dropped the .reg file in the logon scripts directory and set it to run via group policy, but it doesn’t seem to be applying (no error messages are given during logon). I’m just wondering what I am doing wrong?

FYI we have denied all users access to registry editing tools, but as the user isn’t running the script themselves I don’t know if that will matter.

Anyone know what im doing wrong and what is the best way to ‘patch’ all users registries rather than manually?

All clients are XP Pro SP2 and the server is 2k3 R2.
thanks

 

[oddjob62]

Well .reg files will use the registry editor to apply. IF you have added the policy setting to the User Configuration it will run with that user's credentials and hence be blocked

 

[Spider]

I enabled registry editing but it still didn't apply,
didnt get an error message when i logged on, but looking in the registry the keys aren't there?

 

[oddjob62]

I enabled registry editing but it still didn't apply,
didnt get an error message when i logged on, but looking in the registry the keys aren't there?

There's nothing in event viewer at all?

EDIT: just though... you may have to run it through a script, not just directly putting a .reg file into the GPO. Been a while since i've had to do it.

 

[rob5ta]

I think the issue is more than likely a combination of local machine admin rights, and the fact that the user is under a group policy that restricts registry editing tools. I would say the only way around it is to either use "runas" or "su (switch user)" via a script to successfully apply the entries.