Skip to main content
Super User

Return to Question

added 171 characters in body
Source Link
Tiago Duarte
Tiago Duarte
  • 365
  • 1
  • 9
  • 11

I have 2 users:

  • Domain\Me (domain user)

  • .\MeAdmin (local administrator)

I frequently have to update my registry for multiple purposes (IE trusted sites, override policies, etc.).

e.g.

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt]

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt\portaldasfinancas]
"https"=dword:00000001
"http"=dword:00000001

My problem lies with the fact that have been told that I cannot make myself (domain account) local admin, I have to use an independent local admin account for all administrator tweaks.

The thing is, if I run this as user .\MeAdmin, it will run current user of MeAdmin and not user Domain\Me; if I run as Domain\Me, I will bump into permissions wall.

Is there a way to assign Domain\Me permissions to edit registry without being Administrator, or update current user of that account through local admin?

Note: I've read about remote registry connections, but I was hoping to still run this as a script/shell for automation purposes.

Update: When I run through domain user (all HKEY_CURRENT_USER entries):

enter image description here

I have 2 users:

  • Domain\Me (domain user)

  • .\MeAdmin (local administrator)

I frequently have to update my registry for multiple purposes (IE trusted sites, override policies, etc.).

e.g.

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt]

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt\portaldasfinancas]
"https"=dword:00000001
"http"=dword:00000001

My problem lies with the fact that have been told that I cannot make myself (domain account) local admin, I have to use an independent local admin account for all administrator tweaks.

The thing is, if I run this as user .\MeAdmin, it will run current user of MeAdmin and not user Domain\Me; if I run as Domain\Me, I will bump into permissions wall.

Is there a way to assign Domain\Me permissions to edit registry without being Administrator, or update current user of that account through local admin?

Note: I've read about remote registry connections, but I was hoping to still run this as a script/shell for automation purposes.

I have 2 users:

  • Domain\Me (domain user)

  • .\MeAdmin (local administrator)

I frequently have to update my registry for multiple purposes (IE trusted sites, override policies, etc.).

e.g.

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt]

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt\portaldasfinancas]
"https"=dword:00000001
"http"=dword:00000001

My problem lies with the fact that have been told that I cannot make myself (domain account) local admin, I have to use an independent local admin account for all administrator tweaks.

The thing is, if I run this as user .\MeAdmin, it will run current user of MeAdmin and not user Domain\Me; if I run as Domain\Me, I will bump into permissions wall.

Is there a way to assign Domain\Me permissions to edit registry without being Administrator, or update current user of that account through local admin?

Note: I've read about remote registry connections, but I was hoping to still run this as a script/shell for automation purposes.

Update: When I run through domain user (all HKEY_CURRENT_USER entries):

enter image description here

Source Link
Tiago Duarte
Tiago Duarte
  • 365
  • 1
  • 9
  • 11

Write to current user's registry through a different admin account

I have 2 users:

  • Domain\Me (domain user)

  • .\MeAdmin (local administrator)

I frequently have to update my registry for multiple purposes (IE trusted sites, override policies, etc.).

e.g.

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt]

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gov.pt\portaldasfinancas]
"https"=dword:00000001
"http"=dword:00000001

My problem lies with the fact that have been told that I cannot make myself (domain account) local admin, I have to use an independent local admin account for all administrator tweaks.

The thing is, if I run this as user .\MeAdmin, it will run current user of MeAdmin and not user Domain\Me; if I run as Domain\Me, I will bump into permissions wall.

Is there a way to assign Domain\Me permissions to edit registry without being Administrator, or update current user of that account through local admin?

Note: I've read about remote registry connections, but I was hoping to still run this as a script/shell for automation purposes.