jborean93 / ansible-windows

Scripts that are useful for using Ansible with Windows - not affiliated with Ansible in any way
MIT License

Change RunOnce from HKLM to HKCU #22

Open keteague opened 4 years ago

keteague commented 4 years ago

If the script is run without admin privileges, I get this:

VERBOSE: 2020-04-30T12:43:07 - INFO - process completed with exit code '3010'
VERBOSE: 2020-04-30T12:43:07 - INFO - adding script to run on next logon
Set-ItemProperty : Requested registry access is not allowed.
At C:\Users\Owner\Documents\Upgrade-PowerShell.ps1:123 char:21
+     Set-ItemProperty <<<<  -Path $reg_key -Name $reg_property_name -Value $command
    + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...Version\RunOnce:String) [Set-ItemProperty], Securit
   yException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

If the script has to run again after a reboot, you must specify the -username and -password args. Typically, username would be the same user that is currently logged in when the script is first run.

Remove -username and automatically fill it in with the current user that's logged in. Remove -password and have it prompt for the password in a dialog box or user input at the command line.

Replace: $reg_key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"

With: $reg_key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"

jborean93 commented 4 years ago

I'm not sure what this helps. Running either the upgrade or the WMF hotfix install requires you to be an administrator, so you should have access to the HKLM hive. The purpose of not auto-filling the RunOnce keys is to allow the user to handle the reboot themselves and not populate the reg keys with a plaintext credential. I'm not comfortable with the scripts always populating those keys if the user has not specified any credentials to do so.
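
An added example, not part of the thread or of the project's scripts: a PowerShell pre-flight check that stops early when the session is not elevated (the cause of the `Set-ItemProperty` error above), followed by an audit of what remains in RunOnce and whether a plaintext logon password is still stored. The function names are hypothetical, and the Winlogon path and value names are the standard Windows auto-logon settings, assumed here because the thread does not say where the credential is written.

```powershell
# Added example: checks around the HKLM RunOnce write discussed in this issue.
# Uses only calls available in Windows PowerShell 2.0 and later.

$runOnceKey  = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
# Assumption: standard Windows auto-logon location; not named in the thread.
$winlogonKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

function Test-IsElevated {
    # True only when the token holds an enabled Administrators group.
    # A UAC-filtered admin token (non-elevated prompt) returns False.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LeftoverLogonState {
    # Reports residue after the upgrade; never returns the password itself.
    $state = New-Object PSObject -Property @{
        RunOnceEntries           = @()
        AutoAdminLogon           = $null
        PlaintextPasswordPresent = $false
    }
    $key = Get-Item -Path $runOnceKey -ErrorAction SilentlyContinue
    if ($key) {
        # Value names only; the commands they hold may embed arguments.
        $state.RunOnceEntries = @($key.GetValueNames())
    }
    $winlogon = Get-ItemProperty -Path $winlogonKey -ErrorAction SilentlyContinue
    if ($winlogon) {
        $state.AutoAdminLogon = $winlogon.AutoAdminLogon
        $state.PlaintextPasswordPresent = [bool]($winlogon.DefaultPassword)
    }
    return $state
}

if (-not (Test-IsElevated)) {
    # Fail with a clear message instead of the SecurityException above.
    throw "Not elevated: writing to $runOnceKey requires an elevated session."
}

# Run again after the final reboot to confirm nothing was left behind.
Get-LeftoverLogonState | Format-List
```

If `PlaintextPasswordPresent` is still true once the upgrade has finished, remove the stored value and change that account's password.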