Windows – Access denied running gpo logon batch script executing reg add/query

batchscriptingwindows

I am using MS Server 2012 R2 64bit with Active Directory installed. I want to execute a few batch scripts when the user logs into a computer. These scripts use the "reg add/query" commands to check if a registry key exists and if it doesn't it will create it and set a value to the new key.
The problem I'm having is that it seems that every time the scripts run when a user executes, the scripts attempt to execute the reg add/query commands and it gets an "access denied" message.
Here is a sample of my batch script:

reg query HKCU\Software\myownkey >null 2>&1

if %ERRORLEVEL%% NEQ 0 (
   echo myownkey doesn't exist. Must create it.
   reg add HKCU\Software /v myownkey /t REG_DWORD /f /d 1 >null 2>&1
)

PAUSE

When the user logs into the machine, the script is executed and then it pauses so I can see if the script executed properly or not. All I see is that it prints "Access Denied" every time it attempts to query/add the registry.

Any one knows how to solve this problem? Am I better off using powershell scripts instead and won't run into this problem?

Thank you in advanced!

Best Answer

Do not double L in NUL:

reg query HKCU\Software\myownkey >NUL 2>&1

>null attempts to redirect command output to a file named null in the current directory which is supposedly C:\Windows or C:\Windows\system32.

nul

The null device is a special file that discards all data written to it, but reports that the write operation succeeded.

It is often used to hide the output (or error output) of a command.

e.g.
SomeCommand >nul
Nul provides no data to any process that reads from it (yielding EOF immediately)

For more examples see the redirection page.

Related Solutions

Windows – Automated method to convert .reg registry file to reg.exe commands

I think it could lead to trouble as the registry can contain extended characters like in unicode format and so on and bat files might not handle that so great, depending on what you do with the strings.

I've always called separate .reg files for this and it feels more natural to separate your "code-base" in as small chunks as possible and not use one giant file for everything.

It sounds like it should be quite easy to write a script to do the basics of it though if nothing comes up ^^

Windows – Using variables across multiple puppet windows batch scripts

Set the variable in your puppet manifest and source the batch scripts from template files with variables where you would otherwise be using an OS variable.

For example, a line from my postfix.erb file:

myhostname = <%= fqdn %>

For a great resource of actual code in practice, see Ever wondered how the Wikimedia servers are configured?. You can check out the repository with git.

Sourcing your script

    file { "file1 batch script":
            path => "/whatever/you/want/file1.bat",
            content => template("file1.erb");
    }

    ->
    exec {
            command = file1.bat
    }

    file { "file2 batch script":
            path => "/whatever/you/want/file2.bat",
            content => template("file2.erb");
    }

    ->
    exec {
            command = file1.bat
    }

Check out some ERB values as examples.

Any environment variables can be read with a script just as if you had run it directly. Also, puppet can set environment variables for a command to be run in an exec block. Check out the Puppet type refercence for more info.

As for importing variables into puppet, read up on custom facts.

Best Answer

Related Solutions

Windows – Automated method to convert .reg registry file to reg.exe commands

Windows – Using variables across multiple puppet windows batch scripts

Sourcing your script

Related Topic