I have a Kix app that runs as a service on my file server. The login script uses a set of APIs to return the result of a user query to this file server. Since the user has READ rights, they can detect if the required settings are present, and if not, submit a request.
If the user submits a request, the server pushes a bat file out to the client and uses the task schedule to immediately execute it with the desired credentials. The updates complete within 20-30 seconds of the login process.
When updating HKCU entries that are secured (as above), the detection returns the user ID so the correct HKU key can be updated by the task.
I push a BAT file because it runs everywhere.. it can make use of network-based locations that contain more sophisticated scripts to do the actual work. Plus, it's much faster to push a 1-2 line BAT file than a copy of Kix and a large script.
I've deployed this at several clients to aid in desktop management, particularly when a policy could not be applied without complex filtering. The advantage of this is that credentials are never exposed, and the user session never runs an elevated context command.
Glenn
_________________________
Actually I
am a Rocket Scientist!
