How can I change a HKCU setting within Windows during an OSD deployment

[roshanbhavsar04]

Hey TechGuys,

 

can anybody help to write a script for windows xp computers set " adjust for best performance" in computer properties. I need to make a deployment this package over 300+ computers in our office.

 

 

-Roshan

[ws2000]

Hello

 

I am trying to use the process you documented in MDT 2013 Update 1 on Windows 10 1511. I am finding that not all the keys in my import file are being applied to the new profiles. Below are some examples.

 

Privacy

;AccountInfo

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}]

"Value"="Deny"

;Calendar

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}]

"Value"="Deny"

;CallHistory

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{8BC668CF-7728-45BD-93F8-CF2B3B41D7AB}]

"Value"="Deny"

;Camera

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{E5323777-F976-4f5b-9B55-B94699C46E44}]

"Value"="Deny"

;Email

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{9231CB4C-BF57-4AF3-8C55-FDA7BFCC04C5}]

"Value"="Deny"

;Location

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}]

"Value"="Deny"

;Messages

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}]

"Value"="Deny"

;Microphone

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{2EEF81BE-33FA-4800-9670-1CD474972C3F}]

"Value"="Deny"

;Names

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}]

"Value"="Deny"

;SyncWithDevices

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled]

"Value"="Deny"

Edge

;Edge Main Settings

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main]

"DoNotTrack"=dword:00000001

"HomeButtonEnabled"=dword:00000001

"FormSuggest Passwords"="no"

"HomeButtonPage"="http:XXXXXXXXX"

;Edge New Tab

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI]

"NewTabPageDisplayOption"=dword:00000002

;Edge No First Run Page

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing]

"NTPFirstRun"=dword:00000001

;Edge Page Prediction

[HKEY_LOCAL_MACHINE\Defuser\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead]

"FPEnabled"=dword:00000000

 

Any ideas why these would not get applied while others are successful?

[ws2000]

I did verify that the keys are being created correctly. I ran cmd.exe /c reg.exe load HKEY_LOCAL_MACHINE\defuser c:\users\default\ntuser.dat and opened defuser in the registry. The just didn't copy to the new profiles for some reason.

 

Thanks in advance!

[anyweb]

did you verify that the reg load, inject, reg unload steps (three) all completed successfully in smsts.log, using a pause as explained here will help

[ws2000]

Hello

 

A bit more background. I'm trying to get this working in MDT 2013 UD1 deploying Windows 10 Pro x64 1511. I originally found your site when I was trying to deploy a customized Start menu. In that thread you advised me to stop using CopyProfile which brought me here as i was looking for an alternative. I have not tried the pause script you referenced above but I'm not sure that it would help me.

 

I have created a .bat file with about 20 to 30 lines of HCKU settings in the following format.

 

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" /v "Value" /t REG_SZ /d "Deny" /f

 

I copy my .bat file to the Admin desktop and pause it right after running (As Admin) REG.EXE LOAD HKEY_LOCAL_MACHINE\Default C:\Users\Default\ntuser.dat. I open the registry and I can see the Default key and I then close registry. I let the .bat run and pause it again prior to REG.EXE UNLOAD HKEY_LOCAL_MACHINE\Default. Open the registry and expand Default. All my imported settings are present. So I finish the script, restart the PC and sign in with a new profile. Many of my new HKCU settings are there but about 1/4 are missing.

 

Examples of missing

REG ADD "HKEY_LOCAL_MACHINE\Control Panel\Desktop" /v "Wallpaper" /t REG_SZ /d "C:\Windows\Web\Wallpaper\MyWallpaper10\IMG_6900.jpg" /f (Still default Windows image)

Most all of the Privacy Keys

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" /v "Value" /t REG_SZ /d "Deny" /f (Still Allow)

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" /v "Value" /t REG_SZ /d "Deny" /f (Still Allow)

 

I'm stumped. CopyProfile was very handy but this would be ok if it worked. By the way... my custom start menu is now working as advertised.

 

Thanks

[joengelhart]

you are trying to apply settings to the Current User section of the registry which won't work during a task sequence as the task sequence runs for Computers not users,

you can get around this by mounting the registry hive for the Default User, making the changes using your chosen registry file which is pointing to this mount point, then commit the changes,

 

what this will mean is that All new user profiles on that computer will get the change, here's an example of that for a Windows 7 deployment (you will need to adjust accordingly for Windows XP so that C:\Users becomes C:\Documents and Settings\)

 

Below is an example for modifying HKCU settings for Windows 7

 

the first step will Load the Default User registry hive into a mountpoint called Defuser using a Run Command Line step like so

cmd.exe /c reg.exe load HKEY_LOCAL_MACHINE\defuser c:\users\default\ntuser.dat
 

in the next step we import the Registry file in another Run Command Line step this Registry file can be a file in a package.

cmd.exe /c reg.exe import "Userprefs.reg"
 

the important thing here is that the registry file refers to the mountpoint referenced in our first step, below is an example of that

 

 

 

Are you running this while in the "boot image" or while in the "currently installed OS"?

 

Thanks