Deploying User registry policies via KACE K1000
We've been tasked with applying screensaver setting and timeout policies to all of our devices. Were currently trying to figure out how to do this for off network devices that won't have a line of sight to a domain controller.
We've used the K1000 registry policies in the past for computer policy objects but are not certain how we'd accomplish this for user policies as they have to be ran in user context for each user who logs into the system as the policies reside within HKCU.
What would be the best way to accomplish this?
The only option I've been able to figure out is having an online script set to run once every hour or so as the logged on user but I have concerns whether that could cause performance issues for our appliance.
The current fallback idea would be pushing out a local policy package to c:\windows\system32\grouppolicy
P.S. I do understand that setting user policies such as this via registry isn't ideal and would be difficult to cleanup although have limited options without Intune or an always on VPN
Answers (1)
Generally machine based policies will apply to users, so setting registry values in HKLM\Software\Policies will control user settings. If you are finding this isn't the case for what you are setting, then you can use a script that will load registry keys to the default user hive and all current user hives. Here's a script that we used to change a setting in PowerPoint years ago:
@echo off
rem This script will turn off the PowerPoint 2013 Presenter Mode Setting for all users
echo Updating default user profile
reg load HKU\Def c:\users\default\ntuser.dat
regedit /s settings.reg
reg unload HKU\Def
for /D %%u in (\Users\*) do (
echo Updating options for %%u
reg load HKU\Def %%u\ntuser.dat
regedit /s settings.reg
reg unload HKU\Def
)
echo All Done here
One trick to this is to format the settings.reg file appropriately. The script loads the registry hive to HKEY_USERS\Def, so the settings.reg file needs to match that path. What I normally do is export the relevant keys from the registry and then replace HKEY_CURRENT_USER with HKEY_USERS\Def.