No announcement yet.

Exporting registry key permissions

  • Filter
  • Time
  • Show
Clear All
new posts

  • Exporting registry key permissions

    Is it possible to export a registry key and its permissions? We have changed a few registry key permissions to allow some older programs to work on a restricted user profile. There is about 10-15 keys we've changed permissions and I do not want to manually change the registry key permissions on each of the PC we have. (we are talking about 50-75 PCs that need to be changed)

  • #2
    In NT you used to be able to save to a binary file format with permissions using File->Save Key. When using it you would use "Restore..." in regedt32. But the entire highlighted key was completely replaced by the contents of the binary file. It was however removed due to problems where the restore function restored some registry ACLs that were machine-specific, and caused a SID mismatch. Now, only merge operations are allowed.

    You can't export permissions into a *.reg file. You should take a look at Regini.exe which can be used to set permissions using a script, its part of the Win2003 resource kit.

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


    • #3
      Can you use that tool individually on a Win XP machine or install the changes via AD (for instance in the login script)?


      • #4
        You can do it either way. To use Regini.exe you must first create a script file then run Regini.exe to make the changes specified in the script.

        There is a Word document included with the Resource Kit explaining Regini, which you should read to get all the details on this powerful tool, but the following should be enough to get started.

        The script file is easy to create. On the first line, enter the key to be edited, and on the following line enter the value to set it to, using this simple syntax:
        HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Ou tlook\Office Explorer
        Favorites = H:\Windows\.
        Views = H:\Windows\.
        HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Wo rd\Options
        AUTOSAVE-PATH = H:\Temp
        DOC-PATH = H:\Windows\Personal
        EnableMacroVirusProtection = 0
        HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Access
        Enabled = REG_DWORD 0DWORD

        By default, the value type is REG_SZ.

        Note that where the two paths appear as values in the same key, they are separated by "." to prevent them from merging into each other. Be aware, too, that there are different versions of Regini, and there is a b switch to afford some backward compatibility. There is also an m option to allow the registry of a remote machine to be accessed using the UNC server name.

        One good way to get started on your Regini script is to use the Regdmp.exe utility (also on the Resource Kit) to dump out the part of the registry you will be working on to a text file. The output from Regdmp is in the correct form to be used as input for Regini. Using this shortcut, you don't need to start writing your script from scratch.

        In short: Regini lets you make a number of edits from one script file. Call this script from a batch file which starts Regini (e.g., c:\ntreskit\regini.exe c:\scripts\testscript.ini) and just edit the script file. That way, you can't alter anything else in the batch file when you add or remove edits from the script. Use the Regdmp utility to create the template script and then alter the values or keys as required.

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **