[gptalk] Re: Registry Key
- From: "Mesidor, Jean" <jean.mesidor@xxxxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Thu, 12 Jul 2007 23:37:48 -0400
I am trying to prevent sms from installing on clients and the ways to do. That
is by adding a ccmsetup key under hklm, but the permissions should be set that
the installation gets access denied when pushing the client. I am using desktop
standard to. Create that key and it works. The only problem is that it it
inherits parent permissions. I can fix the permission, but once I reboot the
test client it reverts back to administrators, crearor owner, system etc. I
would greatly appreciate if you can help please.
Thanks,
Jean
----- Original Message -----
From: gptalk-bounce@xxxxxxxxxxxxx <gptalk-bounce@xxxxxxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx <gptalk@xxxxxxxxxxxxx>
Sent: Thu Jul 12 23:31:29 2007
Subject: [gptalk] Re: Registry Key
That’s not possible AFAIK. You can’t have no permissions on a key. In that
case, it will always fall back to some default set of permissions. What are you
really trying to accomplish?
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Mesidor, Jean
Sent: Thursday, July 12, 2007 8:27 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Registry Key
Darren,
No matter which option I pick, the permissions still come down. What I am
trying to do, if it is possible, is to even get rid of all permissions on the
key I am adding.
Thanks,
Jean
----- Original Message -----
From: gptalk-bounce@xxxxxxxxxxxxx <gptalk-bounce@xxxxxxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx <gptalk@xxxxxxxxxxxxx>
Sent: Thu Jul 12 18:58:32 2007
Subject: [gptalk] Re: Registry Key
Well, the two main choices let you choose whether you want permissions from
parent keys to propagate into your controlled key in addition to the
permissions you specify in the policy. If you don’t—that is, if you want to
break inheritance completely with the parent keys, then you choose “do not
allow permissions to be replaced”. If you do, then you choose the first option
and then within that, whether you want your permissions to be inherited
downward or not.
Hope that helps,
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Mesidor, Jean
Sent: Thursday, July 12, 2007 2:53 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Registry Key
Yes, which one to pick?
----- Original Message -----
From: gptalk-bounce@xxxxxxxxxxxxx <gptalk-bounce@xxxxxxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx <gptalk@xxxxxxxxxxxxx>
Sent: Thu Jul 12 17:17:10 2007
Subject: [gptalk] Re: Registry Key
So are you asking which one to choose?
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Mesidor, Jean
Sent: Thursday, July 12, 2007 2:05 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Registry Key
Darren,
I am using the gpmc's built in security', however, the options I am getting are:
Propogate inheritable permission
Allow inheritable permissions
Don't allow permission toi be replaced.
This is where my dilemna is.
Thanks,
Jean
----- Original Message -----
From: gptalk-bounce@xxxxxxxxxxxxx <gptalk-bounce@xxxxxxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx <gptalk@xxxxxxxxxxxxx>
Sent: Thu Jul 12 15:45:44 2007
Subject: [gptalk] Re: Registry Key
Jean-
There’s a couple of ways to do that. You can use Group Policy’s built-in
registry security capability or you could use a combination of a startup script
(assuming the key is under HKLM) and a utility like subinacl.exe to do it.
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Mesidor, Jean
Sent: Thursday, July 12, 2007 12:28 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Registry Key
I am trying to create a registry key to a GPO to prevent SMS installation on
some clients. I am using GPMC to do that, but I can't modify the security on
the key.. How can I achieve that please?
Thanks,
Jean
Other related posts:
