Problems updateing the HKCU hive thru MDM Command Line

MikeCollatos
Just browsing

Problems updateing the HKCU hive thru MDM Command Line

I am trying to set the Screen Saver keys for a user thru the command line in Meraki MDM but when I enter the commands to update the keys it doesn't update the HKCU hive for the user but rather the HKU\.DEFAULT hive instead.

How do I get it to write to the HKCU hive?

Commands:

REG ADD "HKCU\Control Panel\Desktop" /v ScreenSaverSecure /t REG_SZ /d 1 /f
REG ADD "HKCU\Control Panel\Desktop" /v ScreenSaverTimeOut /t REG_SZ /d 900 /f
REG ADD "HKCU\\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d C:\Windows\system32\scrnsave.scr /f

8 REPLIES 8
PhilipDAth
Kind of a big deal
Kind of a big deal

You won't be able to.  Commands like that get run as SYSTEM, and not in the user context.

Thanks, was hoping there was some kind of work around or something.... Argh...

Problem is, that I inherited an absolute mess of a Windows 10 deployment that I am now trying to clean up. In fact the worst Windows Deployment I have ever seen in 22 years of IT work... LOL

I have several hundred laptops that are remote that I need to set a bunch of policy settings on and the only means to touch the laptops is Cisco MDM. Was hoping to do them in batches of 10 at a time...

I think I would be tempted to use something like 7z and create a self-extracting archive.  That archive would contain a PowerShell script.  Have 7z.exe run that script automatically.

http://ntsblog.homedev.com.au/index.php/2015/05/14/self-extracting-archive-runs-setup-exe-7zip-sfx-s... 

 

It may even be possible to simplify this and upload the actual PowerShell script itself as the "app" and skip the whole 7z part.

 

Then deploy that through Systems Manager as an App.  I think it has a tick box to let you deploy it in the users account.

 

Then you could update your "app" everytime you wanted to by uploading it to the Meraki portal and bumping the version number.

 

 

You could even use tags to create groups of users, so you could deploy different scripts to different groups based on their function.

T1
Building a reputation

I usually code thing like that in Powershell, then wrap the script as .msi, sign it and push as an app.

PhilipDAth
Kind of a big deal
Kind of a big deal

What tool do you use to wrap it as an MSI?

T1
Building a reputation

https://gallery.technet.microsoft.com/scriptcenter/PS2EXE-Convert-PowerShell-9e4e07f1

 

There is also a GUI version of it:

https://gallery.technet.microsoft.com/scriptcenter/PS2EXE-GUI-Convert-e7cb69d5

 

I use MSIWrapper for .exe to .msi conversion and sign it with signtool.exe. There is probably a better or easier way to do it but this is what I stick to right now.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels