Text only | Text with Images

WinBatch® Technical Support Forum

All Things WinBatch => WinBatch => Topic started by: mcvpjd3 on August 06, 2014, 03:36:09 AM

Title: Changing restricted registry entries.
Post by: mcvpjd3 on August 06, 2014, 03:36:09 AM
Need some expert advice on this.

I'm trying to change a registry key on our users PC. Its in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Boot. In order to edit the entry (BootMinorThreshold_Sec) I need to take ownership and write rights of the keys (from Diagnostics to Boot). I've found and application to do this called setacl.exe (http://helgeklein.com/setacl/).

So I wrote this script

computername=environment("COMPUTERNAME" )
setacl='"C:\Program Files\UB\Startuptimer\SetACL.exe"'
setaclp1=strcat('-on HKLM\Software\Microsoft\Windows\CurrentVersion\Diagnostics -ot reg -actn setowner -ownr "n:',computername,'\Administrators"')
runhidewait(setacl,setaclp1)

Which worked....but I then needed to change the rights of the keys to allow administrators to change them so added the following lines

setaclp2=strcat('-on HKLM\Software\Microsoft\Windows\CurrentVersion\Diagnostics\Performance -ot reg -actn ace -ace "n:',computername,'\Administrators;p:full"')
runhidewait(setacl,setaclp2)

This doesn't work, but if I open an command prompt (elevated) the command above does work.

When compiling the exe I change the settings to requireAdministrator, run the EXE as administrator and no-joy.

I then changed the run command to:

runwithlogon(setacl,setaclp5,"",@normal,@wait,"administrator@MYPCNAME","","myadminpassword",0 )

and still no joy.

Can anyone suggest anything to help with this?

Thanks
Title: Re: Changing restricted registry entries.
Post by: Deana on August 06, 2014, 10:38:34 AM
Maybe try compiling the exe using requireAdministrator, run the EXE as administrator and try using ShellExecute to launch the SetACL.exe. I suggest ShellExecute because the shell sits in a much higher layer in the OS and consequently is able to take a dependency on elevation.
Title: Re: Changing restricted registry entries.
Post by: Deana on August 06, 2014, 10:44:30 AM
Alternatively you could use the Networking functions in WinBatch to handle this with out having to launch a separate process.

wntOwnerSet
Takes/sets ownership of an object.

wntAccessAdd
Adds or updates Discretionary Access Control List [DACL, a.k.a. permission] records for a resource.


Title: Re: Changing restricted registry entries.
Post by: mcvpjd3 on August 07, 2014, 02:23:02 AM
Yup, that worked perfectly, knew there was a reason I keep coming here for advice.

Thanks
Text only | Text with Images