Re: script to modify ntuser.bat of restricted user

Not possible with login script, which runs after policy processing
complete (i.e. hive loaded), and also because user context does not
have the rights to modify the policy keys that intend to control it.
As Drew points out, perhaps we should address this by looking at
what it is you are trying to accomplish with this purging of these
user policy keys, and find a way that uses the provided mechanisms.

--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"MichaelMartis" <mtmartis@yahoo.com> wrote in message
news:0B2D6B55-8329-4E71-BF10-4E5865CD247F@microsoft.com...

> Here is my situation. I created a batch as follows:
>
> attrib c:\docume~1\%username%\ntuser.dat -h
> REG LOAD HKU\ntuser C:\docume~1\%username%\ntuser.dat
> REG DELETE "HKU\ntuser\software\policies\microsoft\office " /f
> REG DELETE "HKU\ntuser\software\policies\microsoft\shared tools" /f
> REG UNLOAD HKU\ntuser
> attrib c:\docume~1\%username%\ntuser.dat +h
>
> I need it to load the ntuser.dat to HKU for the user logging int hen

delete certain keys from the ntuser.dat hive

>
> I know that if the user already is logged in, I can not load their

ntuser.dat into the HKU branch.

> So I need to have this script run for the user logging in BUT BEFORE the

ntuser.dat loads.

> The user machines are Windows XP authenticating Windows 2000 DC and

Novell as well.

>
>
> Is this possible, Please advise
>