You can get a users SID in a batch script. It just requires the use of REG (to get the SID list), FINDSTR (to find the users sid), and FOR (to parse the info) commands.
-- Espi On Wed, Oct 28, 2015 at 3:12 AM, James Rankin <[email protected]> wrote: > GPP wouldn’t do the trick, because I need to grab the user’s SID first > and use it as part of the Registry path, so that would necessitate some > scripting anyway. > > > > I suppose I could use batch by pulling the user’s sid with this command > > > > for /f "skip=5 tokens=2 delims= " %%a in ('whoami /user /fo list') do set > USERSID=%%a > > > > but that just feels clunky to me. I know the script works (when I run it > as a logged-in user, it works perfectly) – it just doesn’t appear to run > at all when I use a PowerShell logon script. > > > > Cheers, > > > > > > > > JR > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Gavin Wilby > *Sent:* 28 October 2015 09:43 > *To:* '[email protected]' <[email protected]> > *Subject:* RE: [NTSysADM] RE: PowerShell setting registry value via logon > script > > > > Any reason why you can’t use GPP for this? > > > > Or even a basic *reg add* batch file? > > > > *Gavin Wilby* > > *IT Support Engineer* > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *[email protected] > *Sent:* 27 October 2015 22:52 > *To:* [email protected] > *Subject:* Re: [NTSysADM] RE: PowerShell setting registry value via logon > script > > > > Group Policy Logon Script, Powershell tab > > Sent from my BlackBerry® smartphone on O2 > ------------------------------ > > *From: *"Michael B. Smith" <[email protected]> > > *Sender: *<[email protected]> > > *Date: *Tue, 27 Oct 2015 22:49:02 +0000 > > *To: *[email protected]<[email protected]> > > *ReplyTo: *<[email protected]> > > *Subject: *[NTSysADM] RE: PowerShell setting registry value via logon > script > > > > How, exactly, are you executing the PowerShell logon script? > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *James Rankin > *Sent:* Tuesday, October 27, 2015 5:58 PM > *To:* [email protected] > *Subject:* [NTSysADM] PowerShell setting registry value via logon script > > > > I am trying to use a PowerShell logon script to change the user’s profile > state value in the Registry to simulate a roaming profile (to allow Cookies > to be saved properly in IE11). To do this I need the user’s SID, which I > am pulling out and then setting the Registry value. > > > > The script I am using is this > > > > $USERSID = ([Security.Principal.WindowsIdentity]::GetCurrent()).User.Value > > $regpath = "HKLM:\Software\Microsoft\Windows > NT\CurrentVersion\ProfileList\$USERSID" > > $name = "State" > > Set-ItemProperty -Path $regpath -Name $name -Value "20" > > > > When I run this as the user (logged in), it works perfectly. The Execution > Policy is set correctly and also I have used a script to change the > Registry permissions at computer startup so that the user has Full Control > of the target key. > > > > However, when run as a GPO Logon Script the value is never set. Am I > missing something here about how PowerShell logon scripts execute? If I use > a third-party piece of software (AppSense EM) to do this at logon, it also > works perfectly. > > > > It’s a Windows Server 2012 R2 system running XenApp 7.6 FP3 that I am > trying to execute this on, for the record. > > > > TIA, > > > > > > > > *James Rankin* > > EUC Director | HTG TaloSys | 07809 668579 | [email protected] > > One Trinity Green, Eldon Street, South Shields, Tyne & Wear, NE33 1SA > > Tel: 0191 481 3489 > > Email address: [email protected] > > Website: www.talosys.co.uk > > [image: phpy9YoGNAM] > > > > SMP Partners Limited, SMP Trustees Limited and SMP Fund Services Limited > are licensed by the Isle of Man Financial Supervision Commission. SMP > Accounting & Tax Limited is a member of the ICAEW Practice Assurance Scheme. > > SMP Partners Limited registered in the Isle of Man, Company Registration > No: 000908V > Directors: M.W. Denton, M.J. Derbyshire, S.E McGowan, O. Peck, J.J. Scott, > S.J. Turner > > SMP Trustees Limited registered in the Isle of Man, Company Registration > No: 068396C > Directors: A.C. Baggesen, J.M. Cubbon, M.W. Denton, K.M. Goldie, O Peck, > J. Watterson > > SMP Fund Services Limited registered in the Isle of Man, Company > Registration No: 120288C > Directors: V. Campbell, R.K. Corkhill, M.W. Denton, D.A. Manser, S.E > McGowan, J.J. Scott > > SMP Accounting & Tax Limited registered in the Isle of Man, Company > Registration No: 001316V > Directors: I.F. Begley, A.J. Dowling, P. Duchars, J.J. Scott, S.J. Turner > > SMP Capital Markets Limited registered in the Isle of Man, Company > Registration No: 002438V > Directors: M.W. Denton, M.J. Derbyshire, D.F Hudson, S.E McGowan, O. Peck, > J.J. Scott. > > SMP Partners Limited, SMP Trustees Limited, SMP Fund Services Limited, SMP > Accounting & Tax Limited and SMP Capital Markets Limited are members of the > SMP Partners Group of Companies. > > > > This email is confidential and is subject to disclaimers. Details can be > found at: http://www.smppartners.com/disclaimer.html > ______________________________________________________________________ > This email has been scanned by the Symantec Email Security.cloud service. > For more information please visit http://www.symanteccloud.com > ______________________________________________________________________ >
