Hi
I'm trying to set up Oracle ODBC drivers which seem to HAVE to have components in HKLM - I accept that normmaly this can't be done (Cannot capture or insert values in the HKEY_LOCAL_MACHINE registry hive in UEM (2146182) | VMware KB is quite clear on that)
However, even running a "reg import "\\server\filename.reg"" doesn't work
So a few questions;
Cheers
ACM
I'm using UEM to modify HKLM. Just be mindful that the user needs to have write permissions to the HKLM tree you're trying to modify.
For example, Bloomberg Professional installs in a way that gives local users write permission to its HKLM registry tree. I use UEM to create a predefined registry setting to influence how Bloomberg stores user settings:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Bloomberg L.P.\User Info]
"Use HKCU"=dword:00000001
Thanks - I think that answers the question as our normal users can't write to HKLM - poop!
You can modify the registry settings of an HKLM tree, just be sure that you're not over-permissioning and causing a security exposure.
For example with Adobe Reader DC, I use UEM to put in a value in HKLM to disable auto-updating:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown]
However, [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe] is not writable by default, so we had to change the permissions in the parent VM to allow the user to write there.
What would not have been good is if we modified [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies] because that would allow users to override any GPO policies settings.
Ta - this is just me being lazy as I wanted to distribute ODBC DSNs purely via UEM - but it looks like I may have to put them in a stack - lots of users use databases specific to stacks, but without actually having the application stack.
Cheers
ACM
I tried doing registry changes via appstacks and the only way I found worked involved having the hidden appstack batch files import the regedits. I didn't like this because it was cumbersome to update the regedits.
But you're saying that your oracle app doesn't accept ODBC connections in HKCU? If it did, you could just have UEM import them into HKCU instead easily. I would not change the permissions on HKLM\Software\ODBC or HKLM\Software\Wow6432Node\ODBC.
Can you share the registry edit in HKLM that you need to make?
In HKLU ODBC works, as long as the driver is in the base image. In this case the Driver and Oracle Home are on a network location and not in the base image, which means I need to add the relevant driver settings as well - which seem to only work in HKLM. Going home now!
Hi. Could you outline in more detail how you accomplish this? I also have Bloomberg and would like to do the exact same thing via UEM.
Thanks
Could I not just create "Use HKCU"=dword:00000001 in the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Bloomberg L.P.\User Info of the VDI "Golden" image? Is there even a need to have UEM create that key? This of course assumes I'm installing Bloomberg locally on the image, and not delivered via App Volumes.
Hi iforbes,
If Bloomberg does indeed grant non-admin users modify permissions on its HKLM key (as VDIMega stated in Re: Hk Local Machine - is there really no way ? (plus questions about logon task)), you could use UEM to set that Use HKCU value, but if you can make the change in your golden image, you indeed do not need UEM for that.
Thanks UEMdev,
I think this has answered my other questions around HKLM and UEM. I know UEM is strictly a user profile capture solution and only supports the HKCU hive. It sounds like if we are able to allow users permissions to specific registry keys, then UEM can actually read and write to HKLM?
Lastly, when I use Application Profiler to capture an app config. I notice many HKLM references. Why does UEM even bother capturing any HKLM references if it can't do anything with them anyways?