
Thread: Startup Script issues in Vista (issue loading registry hive)

  1. #1
    PreviousPoster is offline 100+ Helpful Posts! 50+ Helpful Posts
    Join Date
    Dec 1969
    Posts
    1,254

    Default

    I have a VBS startup script that works fine with Win 2000, XP, 2003 but will not function properly on Vista. The startup script's purpose is to load the registry hive of the Default User (Default for Vista) profile, make a change and unload the hive. If I manually run the VBS script on Vista it works fine, however when I run it as a startup script it fails. Specifically the startup script is failing at loading the default user profile hive.

    After a lot of testing I was finally able to get a handle on what the problem is, but I don't know how to fix it. If I have the following (test) script run as a startup script:
    [code:1]reg load HKLM\Defuser C:\test\ntuser.dat[/code]

    When the startup script is processed it displays the message: Error: A required privilege is not held by the client

    As the script above shows I have created a C:\test folder and placed the ntuser.dat file into that folder. I have given Everyone & System full control of the folder. I have also given Everyone & System the "Act as part of the operating system" privilege.

    Does anyone have any ideas on what privilege and what account needs the privilege to accomplish loading a registry hive from a startup script on a Windows Vista computer?

  2. #2

    Hi,

    That does seem strange - have you seen this article:
    http://www.windowsecurity.com/articles/Efficient-Registry-Cleanup.html

    It works for me under both XP and Vista. Also, don't you think it should be HKU instead of HKLM?

  3. #3

    As far as loading a hive, I don't believe it makes any difference where you actually load the hive (HKLM/HKU); it is at the scripter's discretion.

    However, I did try attempting to load it at HKU and received the same error. I had not seen that article, but reading it makes me believe that what I am trying to do should work without any issues on Vista.

    I would like to confirm with you (or anyone else out there) that you are able to load a registry hive using a startup script on Windows VISTA?

  4. #4

    I wrote the article and I did test my scripts on Vista too (as it is stated in the article).

  5. #5

    I have tried this on several Vista machines, all with exactly the same results.

    Here is what I did in detail:
    1) Install Vista (Windows Vista Business edition), computer added to Domain
    2) From Local group policy (gpedit.msc) set the startup script to run the following code:
    [code:1]REG load HKU\DefUser C:\Users\Default\ntuser.dat
    Pause[/code]
    3) From Local group policy set "Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon" = Enabled
    4) From Local group policy set "Computer Configuration\Administrative Templates\System\Scripts\Run startup scripts asynchronously" = Disabled
    5) From Local group policy set "Computer Configuration\Administrative Templates\System\Scripts\Run startup scripts visible" = Enabled
    6) Reboot

    On boot I see the following consistently on all VISTA computers I have tested:
    C:\windows\system32\GroupPolicy\Machine\Scripts\Startup>reg load HKU\DefUser C:\Users\Default\ntuser.dat
    ERROR: A required privilege is not held by the client.

    C:\windows\system32\GroupPolicy\Machine\Scripts\Startup>pause
    Press any key to continue . . .
    After logging in, if I run the same script (Run as Administrator) it loads the hive as expected.

    There seems to be some permission or privilege that the SYSTEM account doesn't have that is required to load a registry hive with a startup script on a VISTA machine.

    Any ideas?

  6. #6

    I'm still thinking - have you tried my method from the article instead of taking your own approach? Unfortunately I don't have the time to test your code these days.

  7. #7

    Jakob, I really appreciate your input on this problem. I have read the article you have written and understand its purpose: to provide information on how a startup script can be used to load user hives and make registry changes (HKCU changes) for all users on a system.

    Before reading your article I had written a startup script which was designed to make a change to the Default User profile registry hive. The script worked fine on all flavors of Windows greater than W2K. When implemented as a startup script, the script continues to work well on all flavors of Windows except VISTA.

    After troubleshooting the issue I have found that the problem with VISTA is that by default any code in a startup script that attempts to load a registry hive will fail. From the test, I am under the assumption that the failure apparently is a result of the account used to run the startup script (SYSTEM) by default not having the necessary permissions/privileges to load a registry hive.

    With my testing, I can only conclude that the information in the article that was mentioned in this thread is inaccurate and indeed does not apply to Windows VISTA.

    My previous post boils down the issue to 1 line of code, the loading of a registry hive, which always fails when run in a startup script on Windows VISTA. The local GPO changes and the adding of a PAUSE command to the script mentioned in the previous post were done so that I could see the results of the startup script. As posted, the results always seem to be: "ERROR: A required privilege is not held by the client."

    I am not sure what other code I could possibly test when the following command always fails in a startup script on VISTA: REG load HKU\DefUser C:\Users\Default\ntuser.dat

    I would love to hear from someone who has been able to load a registry hive in a startup script on a VISTA computer. I would love to hear from someone who has performed the test mentioned in the previous post and has had different results, specifically a successful hive load from a startup script on VISTA.

  8. #8

    You know what - I just used 20 minutes to re-test my script used in the article, for some reason you managed to bring some doubt into my mind... 8) But I gotta tell you - my script works perfectly under Vista (as previously stated)!

    However, I'm not loading the Default User profile and it seems like that's all you are trying to do. So, what does a man do Friday night? I used another 10 minutes and changed my script a bit to load the Default User's profile only, from \Users\Default\Ntuser.dat - and you know what? That worked perfectly fine too!?!

    I simply don't know what to say - except: just use my code :wink:

    Another thing - are you testing with a "Local" Startup Script or a "Domain GPO" Startup Script?

  9. #9

    Turns out we were both right. I was right in stating that a registry hive can't be loaded in Vista via a startup script, and Jakob was right in stating that a registry hive could be loaded in Vista via a startup script.

    How does that make sense, you ask? Simple: SP1. After lots of testing I found that without SP1 a registry hive can't be loaded from a startup script. However, with SP1 installed, a startup script can load a registry hive without any issues. I can only conclude at this time that Jakob's testing was performed on a Vista machine with SP1.

    Happy registry hive loading
    Eric Michaud
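
A diagnostic version of the one-line test startup script discussed in this thread, added here as an example and not part of any poster's message: it logs the account, the service pack level, the privileges in the script's token and the result of reg load, so a machine without SP1 and one with SP1 can be compared side by side. The log path and the HKU\DefUserDiag mount name are assumptions; reg load goes through RegLoadKey, which requires SeBackupPrivilege and SeRestorePrivilege in the caller's token.

```batch
@echo off
rem Added diagnostic example, not code from the thread.
rem Assumed names: the log file path and the HKU\DefUserDiag mount point.
setlocal
set "LOG=%SystemRoot%\Temp\hiveload-diag.log"
set "HIVE=%SystemDrive%\Users\Default\ntuser.dat"
set "MOUNT=HKU\DefUserDiag"

>>"%LOG%" echo ==== %DATE% %TIME% ====

rem Account the startup script actually runs as (expected: nt authority\system)
>>"%LOG%" 2>&1 whoami

rem OS build, then the service pack string (the value is absent when no SP is installed)
>>"%LOG%" 2>&1 ver
>>"%LOG%" 2>&1 reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion

rem Privileges present in this token and whether each is enabled.
rem Look for SeBackupPrivilege and SeRestorePrivilege in the output.
>>"%LOG%" 2>&1 whoami /priv

rem The operation under test; capture its exit code before anything else runs
>>"%LOG%" 2>&1 reg load "%MOUNT%" "%HIVE%"
set "RC=%ERRORLEVEL%"
>>"%LOG%" echo reg load exit code: %RC%

rem Only unload if the load succeeded, so the default profile hive is not left
rem mounted and locked
if "%RC%"=="0" (
    >>"%LOG%" 2>&1 reg unload "%MOUNT%"
)

endlocal & exit /b %RC%
```

Running the same file once as a startup script and once from an elevated prompt after logon gives two log entries whose whoami /priv sections can be compared directly.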
