Registry Merge not working

[Tripredacus]

I am working on testing a reg file to run via FirstLogonCommands. I begin by testing on a regular OS (to save time) and once it works, I will add to the answer file. The problem is that while I can do a merge, none of the new values actually appear in the registry, and as such, do not actually make the changes. For the normal test, I right-click on the regfile and click Merge. I get no errors. Here is the reg file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HideSCAHealth"=DWORD:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\URL History]
"DaysToSave"=DWORD:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.com]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.com\www]
"http"=DWORD:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.net]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.net\www]
"https"=DWORD:00000002

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"iexplore.exe"=DWORD:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=DWORD:00000000
"Hidden"=DWORD:00000001

The test platform is 7PRO 32. What am I doing wrong?

I may try testing using AutoIT as well, but I figure I should know how to do this.

[myselfidem]

Have you tried like this ?: (select the path file you set the registry file)

<FirstLogonCommands>
    <SynchronousCommand wcm:action="add">
        <Order>1</Order>
        <CommandLine>cmd /c reg.exe import %systemdrive%\Install\Tweaks.reg</CommandLine>
        <Description>Customized settings</Description>
        <RequiresUserInput>false</RequiresUserInput>
        </SynchronousCommand>

Or:

<FirstLogonCommands>
    <SynchronousCommand wcm:action="add">
        <Order>1</Order>
        <CommandLine>CMD /C REGEDIT /S %Windir%\Setup\scripts\Tweaks.reg</CommandLine>
        <Description>Customized settings</Description>
        <RequiresUserInput>false</RequiresUserInput>
        </SynchronousCommand>

Edited December 28, 2011 by myselfidem

[Tripredacus]

Haven't gotten to that point yet! Although we may not need it. I tested with an AutoIT exe and it was able to write to the registry fine (even though a couple of those settings I posted are wrong) so worst case scenario I can just use that exe. Its just odd that a standard right-click Merge doesn't seem to work.

[Yzöwl]

I'm fairly certain that a regular user can only read from "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" so you'd certainly need to be elevated to write to it in a regular session.

[Tripredacus]

Ah yes. Perhaps it needs *more* elevation, as with UAC enabled, it still will open the elevation prompt if you simply choose to do the Merge option.

[iamtheky]

then they should work fine from firstlogoncommands as myselfidem laid out:

Commands run during FirstLogonCommands are silently elevated (as long as the logged-on user has administrative privileges) because running these commands requires either editing the registry with administrative privileges or launching Windows Setup with FirstLogonCommands specified in an unattended installation answer file.

http://technet.microsoft.com/en-us/library/cc722150%28WS.10%29.aspx

nm about that: used the top two entries in your file and they run fine under any context here.

so I cant verify, but I have certainly read somewhere that when a limited user elevates for HKLM writes it can jack up HKCU writes, and a recommendation to split those operations. But I have been wronger before.

Edited December 28, 2011 by iamtheky

[Tripredacus]

I will see about using the reg in FirstLogonCommands, but I might just stick with what I know works. It takes over an hour to rebuild the image if sysprep fails.

Anyways, this isn't an unattend topic... I probably shouldn't have even put that in my first post.