Hi Neil, We have designed our own 'secure dispatcher' which provides an api which we can utilise in scripts which allow the scripts to 'do stuff' under the context of a specific user id. So, some keys in software\policies need to be touched by a script which uses the security context of the specific id, but the perms set on the keys get stamped on by userenv. I have traced the userenv.dll and got : USERENV(b14.858) 11:40:31:165 ResetPolicies: Entering. USERENV(b14.858) 11:40:31:165 SetRegPermissionsOnPoliciesKey: Resetting permission on the policy key USERENV(b14.858) 11:40:31:165 SetRegPermissionsOnPoliciesKey: Resetting permission on the policy key so, it looks like you are right, rework of OS required... we have plenty of development expertise and rewiring parts of the OS so it is a possibility for us....which is nice.. ...will keep you guys posted. Brianos :o) -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of Braebaum, Neil Sent: 04 November 2004 11:51 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: super mandatory / flex profiles Um, I don't think you can easily get around that, it'll likely be considered "by design". I'm not aware of any way of changing it, bar hacking the login process. What issues is it causing you? Neil > -----Original Message----- > From: thin-bounce@xxxxxxxxxxxxx > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Lilley, Brian > Sent: 04 November 2004 11:15 > To: 'thin@xxxxxxxxxxxxx' > Subject: [THIN] super mandatory / flex profiles > > hi list! > > I am using the flex profile kit on our w2k03 term servers. I > have set the permissions of the HKCU\Software\Policies key, > yet when a user logs on, this reg keys permissions set are > lost and reset with perms for ... the user logging on, System > and Administrators. > > I have traced a logon using regmon and it is the OS that is > resetting perms on this key. Anyone have any clues how I can > stop this? i.e. get the perms set on the mandatory profile to > remain intact? > > thanks in advance, Brianos *********************************************** This e-mail and its attachments are confidential and are intended for the above named recipient only. If this has come to you in error, please notify the sender immediately and delete this e-mail from your system. You must take no action based on this, nor must you copy or disclose it or any part of its contents to any person or organisation. Statements and opinions contained in this email may not necessarily represent those of Littlewoods. Please note that e-mail communications may be monitored. The registered office of Littlewoods Limited and its subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB. Registered number of Littlewoods Limited is 262152. ************************************************ ******************************************************** This Weeks Sponsor Emergent Online ThinCity Conference Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference http://www.ThinCity.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ============================================================================== This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ============================================================================== ******************************************************** This Weeks Sponsor Emergent Online ThinCity Conference Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference http://www.ThinCity.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm