[pkoppelaar]

For my unattended cd I want user specific registry tweaks such as disabling of the taskmanager. How do I do that?

[Ctrl-X]

Import them to HKEY_CURRENT_USER from Cmdlines.txt. Because there aren't any users present at that time, the settings will end up in HKEY_USERS\.DEFAULT, so every newly created user will receive the settings as well.

[pkoppelaar]

But that is not what I want. I'm working on an install cd for a kiosk system. It has several user accounts, each with their own privileges. Some accounts have a replacement Windows shell and restrictions in Windows, others have full access (support account). How would I accomplish this?
Can't I edit the registry using RunOnceEx? The accounts are already created at that point..

[Ctrl-X]

I don't think you can do this by editing the registry directly. When one user is logged on, the HKCU hives of the other users aren't available. You could try creating a .reg file for each user and then making each account import their own registry tweaks file, for instance by adding a script to their startup folder (or the AllUsers startup folder), but I'm not sure that will work.

[pkoppelaar]

Isn't it possible to edit the keys in the HKEY_USERS tree? Is it possible to identify which one relates to which account?

[Ctrl-X]

Like I said: when one user is logged on, the user hives of the other user accounts aren't available. Just log on, run regedit and open the HKEY_USERS hive: you won't find the other user hives there (except a few default ones, such as S-1-5-18 - Local System, S-1-5-19 - Local Service and S-1-5-20 - Network Service). As you can see users are identified here by their SID, so you wouldn't know the correct SID in advance anyway.

You can load another user's hive manually by selecting the HKEY_USERS hive, selecting File / Load Hive and then browsing to the user's NTUSER.DAT file, but AFAIK this can only be done manually.

[InTheWayBoy]

Yeah, that's a pretty tricky scenario, one that would benefit from a domain controller hosting the user profiles. but since it sounds like that isn't an option we have to figure out how to get past it.

One thought that comes to mind is to install the operating system manually, configure all the profiles as you would like them, and then take the customized user profiles and backup them up. Then you can create an install CD and put those profiles in the $OEM$\$Docs folder. Of course this isn't with out it's own issues, but it sounds like a valid option.

[mazin]

I do like what Ctrl-X says.

Actually, here's what I do:

1- I run this INF from cmdlines.txt, so it goes to each user's CU-RO.

As you can see, there's a batch file here: %SystemRoot%\HDCURO\HDCURO.cmd (copied by $OEM$).

HDCURO.cmd will run whenever a newly created user logs on for the first time.

HDCURO.INF said:

[Version]
Signature = $CHICAGO$

[DefaultInstall]
AddReg = AddReg.CUROHD

[AddReg.CUROHD]
HKCU,%CURO%,"Z01",,"%10%\HDCURO\HDCURO.cmd"

[STRINGS]
CURO="SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"

2- This is the content of HDCURO.cmd:

Quote

@echo off
Title %UserName% Applications - From HD CURO ----- Started: %TIME%
CD %SystemDrive% >NUL
:: -----------------------------------------------------------------------------------------
IF %USERNAME%=="mazin" GOTO mazin
IF %USERNAME%=="LORD" GOTO LORD

:mazin
color 4F
...

MY
COMMANDS
GO
HERE
...

ShutDown.exe -f -r -t 60 -c "Your PC will restart in 1 minute..."
cls

:LORD
color 1E
...

MY
COMMANDS
GO
HERE
...

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /d 0 /f
ShutDown.exe -f -r -t 60 -c "Your PC will restart in 1 minute..."
cls

[Takeshi]

....Deleted....

This post has been edited by Takeshi: 18 October 2006 - 02:25 PM

[pkoppelaar]

mazin, on Oct 13 2006, 05:02 PM, said:

I do like what Ctrl-X says.

Actually, here's what I do:
...

Ok that seems logical. Why do you have the shutdowns in the cmd file?

When are the changes executed, before the explorer.exe shell is loaded?

Edit:
Ok I've tried it using Virtual PC; I got an error the .inf could not be installed. I checked out the MSKB on inf files and I think you forgot quotes around the Signature value. Here is my .inf:

[Version]
Signature = "$CHICAGO$"

[DefaultInstall]
AddReg = AddReg.CURO

[AddReg.CURO]
HKCU,%CURO%,"CURO",,"%10%\Company\regtweaks\CURO.cmd"

[STRINGS]
CURO="SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"

Edit2:
It first logs in as the Administrator. Then the .inf is not executed. If I then logoff and login as another user, I see some cmd boxes and get an error stating "INF Install failure. Reason: Access is denied." That account is member of the local group Users, and not Administrators. So that would clarify why it can't add the reg key. But why is the .inf executed at that logon? I thought it would be executed during setup...?

This is my cmdlines.txt:

[Commands]
"rundll32 advpack.dll,LaunchINFSection nLite.inf,U"
"REGEDIT /s general.reg"
"HDCURO.inf"
"RunOnceEx.cmd"

Oh and it also seems the general.reg tweaks are not executed...?

This post has been edited by pkoppelaar: 16 October 2006 - 08:47 AM

[mazin]

The snippets of files I posted are copied from my latest CD. It's WORKING in REAL installations.
I don't use a VM to test my CDs!

[pkoppelaar]

It does not work. Could you post your cmdlines.txt?

[mazin]

pkoppelaar, on Oct 18 2006, 10:58 AM, said:

It does not work. Could you post your cmdlines.txt?

This is exactly my cmdlines.txt!

cmdlines.txt said:

[COMMANDS]
"UserAdd.cmd"

This is exactly my UserAdd.cmd! What you need is the line in red bold.

UserAdd.cmd said:

@echo off
Title Creating A User Account...
:: -----------------------------------------------------------------------------------------
TUNE 5.9
TUNE 4.1
TUNE 3.1
TUNE 2.1
TUNE 1.9
:: -----------------------------------------------------------------------------------------
echo - cmdlines.txt (T-12) started @ %TIME% on %DATE%.>>%SystemDrive%\TimeLog.txt
:: -----------------------------------------------------------------------------------------
START /WAIT rundll32 %SystemRoot%\system32\ADVPACK.DLL,LaunchINFSection CDLMROEX.inf,DefaultInstall
START /WAIT rundll32 %SystemRoot%\system32\ADVPACK.DLL,LaunchINFSection HDCURO.inf,DefaultInstall
:: -----------------------------------------------------------------------------------------
CD %SystemRoot%\System32 >NUL
START /WAIT %SystemRoot%\System32\CreateUser.exe
:: -----------------------------------------------------------------------------------------
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /d 1 /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /d 123 /f
:: -----------------------------------------------------------------------------------------
net user aspnet /delete
net user HelpAssistant /delete
net user SUPPORT_388945a0 /delete
:: -----------------------------------------------------------------------------------------
cls

I've taken all my pants off!

[pkoppelaar]

Ok thanks, a bit late though, I already figured out how to install inf files. I use almost the same syntax as you, but without the START /WAIT. What is the difference? (I run it from cmdlines.txt)

What questions me is your way of adding users. I use nLite to add users to my install and some of them are normal Users, the XP GUI names them Limited users. If I login on such an acount directly after the installation, I see some cmd windows and then an error stating the Inf could not be installed. I thought that was supposed to happen during setup...?

I also got problems writing specific registry keys (UIhost for example) from a Limited account, so I'm switching those accounts to administrator anyway.

This post has been edited by pkoppelaar: 19 October 2006 - 02:05 AM