[wpkg-users] registry

Rainer Meier r.meier at wpkg.org
Tue Jan 21 14:38:44 CET 2014


Hi Gilles,

On 21.01.2014 12:22, Gilles Lapene wrote:
> I want create a data in the registry HKCU (HKEY CURRENT USER). It's for a software called intramessenger. It's the parameter of the server for all users.
> My file reg functionally but i can't use it with wpkg. Do you have any idea?

HKCU registry tree is user-specific and can be changed only by this user. 
Therefore WPKG cannot do this for you unless you execute WPKG in user space. But 
usually WPKG is executed by some special account with admin privileges or the 
SYSTEM account when run as service. During WPKG execution HKCU is not available 
(or more precisely directs you to the WPKG-executing user registry).

So best option is to exexute some script in user space. To do this you have 
multiple options:

Logon script:
If you use network logon you might include some "reg.exe" or similar 
registry-modifications within the logon script which executes in user space. So 
HKCU is available.
You might also place any script on the hard disk and link it in Startup folder 
for all users or add it to HKLM\Software\Microsoft\Windows\Run key in order to 
execute it on user login. This way the script is also executed when the user 
logs in.
In all cases HKCU is available as the script is run by the user on login. Be 
aware that the script in this case is run at every login, not just once. So 
write the script in a way that it won't harm if executed multiple times. It 
might be removed at a later stage.

Mount User tree:
You might do offline modification of a users profile which is NOT logged in (ie. 
user registry not locked) by mounting it's HKCU registry tree.
e.g.
reg load HKLM\user-hive c:\users\user\ntuser.dat
This will mount the user software hive (HKCU) at HKLM\user-hive. Make sure any 
modification now will have to be done on this path, so instead of HKCU\some-key 
you need to modify HKLM\user-hive\some-key.
Do also not forget to unload (reg unload HKLM\user-hive) the hive after 
finishing modification.
This method is unsuitable if the user is logged in while the modification takes 
place.

Modify HKEY_USERS\<sid>
If you know the user SID you might directly modify HKEY_UUSERS\<sid>\some-key 
while the user is logged in.
I never did this as I consider this to be quite insecure.


Modify default profile:
You might modify HKEY_USERS\.DEFAULT from WPKG. However this is only suitable if 
the user profile has NOT been created yet. Modifying the default will have any 
effect on new user profiles created after modifying the default only. So if you 
don't use roaming profiles and do a clean setup of a machine this is likely the 
most safe place to include some registry defaults for first-time-login-users.



ActiveSetup:
Actually very few people even know about this but it's very handy to do exactly 
this type of modification. I give here a very brief description and example. You 
might find more details on the internet.
To use ActiveSetup basically checks during login whether there are components 
defined on the local system which have never been run by the user which logs in 
(e.g. first time logon or roaming from other machine in network environment). If 
a component is found which was not previously executed then it's run and its 
state is stored in user profile. If the administrator upates one of the 
components or adds new ones then ActiveSetup will detect this change and 
(re)execute these components.

First add the component to the registry. For example:

reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed 
Components\mySetup" /f
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed 
Components\mySetup" /v Version /t REG_SZ /d "1" /f
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed 
Components\mySetup" /v StubPath /t REG_SZ /d "c:\path\to\script.cmd" /f

(caution: line breaks)
In this case a component called "mySetup" is created with version 1. If a user 
logs on to the system and does not find mySetup in version 1 to be executed 
already it will run the command defined in StubPath. On subsequent logins this 
is not re-executed unless the administrator increments the version.

I found ActiveSetup to be a very convenient way to make sure users will have 
executed certain actions once in their profile. I use it to distribute user 
profile fixes to machines.

In your case I would think about an ActiveSetup component which executes 
commands to modify the user registy for intramessenger.

br,
Rainer


More information about the wpkg-users mailing list