/build/static/layout/Breadcrumb_cap_w.png

Security Question


Deploying User registry policies via KACE K1000

10/15/2020 202 views

We've been tasked with applying screensaver setting and timeout policies to all of our devices. Were currently trying to figure out how to do this for off network devices that won't have a line of sight to a domain controller.


We've used the K1000 registry policies in the past for computer policy objects but are not certain how we'd accomplish this for user policies as they have to be ran in user context for each user who logs into the system as the policies reside within HKCU. 

What would be the best way to accomplish this?

The only option I've been able to figure out is having an online script set to run once every hour or so as the logged on user but I have concerns whether that could cause performance issues for our appliance.


The current fallback idea would be pushing out a local policy package to c:\windows\system32\grouppolicy


P.S. I do understand that setting user policies such as this via registry isn't ideal and would be difficult to cleanup although have limited options without Intune or an always on VPN 

0 Comments   [ + ] Show comments

Comments


All Answers

0

Generally machine based policies will apply to users, so setting registry values in HKLM\Software\Policies will control user settings. If you are finding this isn't the case for what you are setting, then you can use a script that will load registry keys to the default user hive and all current user hives. Here's a script that we used to change a setting in PowerPoint years ago:

@echo off
rem This script will turn off the PowerPoint 2013 Presenter Mode Setting for all users
echo Updating default user profile
reg load HKU\Def c:\users\default\ntuser.dat
regedit /s settings.reg
reg unload HKU\Def
for /D %%u in (\Users\*) do (
echo Updating options for %%u
reg load HKU\Def %%u\ntuser.dat
regedit /s settings.reg
reg unload HKU\Def
)
echo All Done here

One trick to this is to format the settings.reg file appropriately. The script loads the registry hive to HKEY_USERS\Def, so the settings.reg file needs to match that path. What I normally do is export the relevant keys from the registry and then replace HKEY_CURRENT_USER with HKEY_USERS\Def.


Answered 10/16/2020 by: chucksteel
Red Belt

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ