Using the disallowrun registry in session_setup

guigeek

November 6, 2024 - 3:47 PM

Hello,
Server:
Version: 2.5.5.15697
OS: Debian 12.7

Client:
Windows 11 23H2

I would like to block specific executables based on the user account.
To do this, I would like to use the command
`registry_setstring(HKEY_CURRENT_USER, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun", '1', 'powershell.exe', type=REG_SZ)`
to block PowerShell, for example.
However, I get a PermissionError: [WinError 5] Access is denied. The user cannot write to this registry.
Is there a way to work around this and successfully set this registry?

Thank you for your help.
Have a good day.
jacky35

November 7, 2024 - 9:15 AM

dcardon
WAPT Expert

November 7, 2024 - 9:50 AM

Hello guigeek,

What we see in the HKCU user registry with regedit is a mount of the NTUSER.dat and UsrClass.dat databases, as well as Appx-specific parts and parts related to the user GPO.

In this case, the key you want to change, SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies, is part of the user GPOs, if I'm not mistaken, and therefore cannot be modified by the user.

You can try the LGPO tool to define a local GPO that makes the change in question.

@Jacky, it must have been launched in session_setup if the access rights are incorrect ;-)

Regards,

Denis
Denis Cardon - Tranquil IT
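Following the LGPO suggestion above, an added example (not code from the thread or from WAPT) that builds the text input for a user-scope DisallowRun policy, including the `DisallowRun` DWORD switch under `Policies\Explorer` that the policy needs in addition to the numbered list entries. The record layout (scope, key, value name, `TYPE:data`) and the `/t` switch are assumptions about Microsoft's LGPO.exe that the thread does not state; the function names are hypothetical.

```python
# Added example: build an LGPO.exe text file for the user-scope DisallowRun policy.
EXPLORER_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"


def normalize_executables(names):
    """Return unique bare executable names, preserving order.

    DisallowRun matches on the file name only, so entries containing a
    path separator would never match and are rejected here.
    """
    seen, result = set(), []
    for raw in names:
        name = raw.strip()
        if not name or any(c in name for c in '\\/:"'):
            raise ValueError(f"not a bare executable name: {raw!r}")
        if name.lower() not in seen:  # Windows file names are case-insensitive
            seen.add(name.lower())
            result.append(name)
    return result


def build_disallowrun_lgpo_text(names):
    """Render LGPO text records: scope, key, value name, TYPE:data."""
    records = [
        # The policy is only enforced when this DWORD switch is set to 1.
        ("User", EXPLORER_KEY, "DisallowRun", "DWORD:1"),
    ]
    # Blocked names are string values "1", "2", ... in the DisallowRun subkey.
    for index, exe in enumerate(normalize_executables(names), start=1):
        records.append(
            ("User", EXPLORER_KEY + r"\DisallowRun", str(index), f"SZ:{exe}")
        )
    return "\n\n".join("\n".join(rec) for rec in records) + "\n"


if __name__ == "__main__":
    # Constructed sample input. Assumption: the output is saved to a file and
    # applied from an elevated context (not session_setup) with: LGPO.exe /t <file>
    print(build_disallowrun_lgpo_text(["powershell.exe", "PowerShell.exe", "cmd.exe"]))
```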