Patch Manager packages run under the SYSTEM context, so any changes to HKEY_Current_User will affect the SYSTEM profile and not any other users. There is no simple way to modify specific user registry values within a package. The only way I would see this working is if you wrote a script that iterates through all the existing user hives and makes the changes, but if a new user logged in after the fact, the changes would not be present. If you can add the certs to the machine and have it work for all users, that would be preferable. If that isn't an option, then I would use Group Policy Preferences to set the required registry keys at a user level.
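A sketch of the hive-iterating script described in the reply above, added here as an example and not code from the thread or from Patch Manager. The key path, value name and value data are placeholders (assumptions), and it covers only local and domain accounts (SIDs under S-1-5-21).

```powershell
# Added example (not from the thread). Run elevated or as SYSTEM, e.g. from a deployment package.
# Placeholder key/value (assumptions): substitute the values from your own .reg file.
$SubKey    = 'Software\ExampleVendor\ExampleApp'
$ValueName = 'ExampleSetting'
$ValueData = 1

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Local and domain accounts have SIDs under S-1-5-21; this skips the
# SYSTEM, LocalService and NetworkService profiles and any "<SID>.bak" leftovers.
Get-ChildItem $profileList |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid         = $_.PSChildName
        $profilePath = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
        $ntuser      = Join-Path $profilePath 'NTUSER.DAT'
        $mounted     = $false

        # A logged-on user's hive is already present under HKEY_USERS\<SID>.
        if (-not (Test-Path "Registry::HKEY_USERS\$sid")) {
            if (-not [System.IO.File]::Exists($ntuser)) {
                Write-Warning "No NTUSER.DAT for $sid at $profilePath; skipped"
                return   # inside ForEach-Object this moves on to the next profile
            }
            & reg.exe load "HKU\$sid" $ntuser | Out-Null
            if ($LASTEXITCODE -ne 0) {
                Write-Warning "Could not load hive for $sid; skipped"
                return
            }
            $mounted = $true
        }

        # reg.exe keeps no open handle on the key, so the unload below succeeds.
        & reg.exe add "HKU\$sid\$SubKey" /v $ValueName /t REG_DWORD /d $ValueData /f | Out-Null
        $ok = ($LASTEXITCODE -eq 0)

        # Only unload hives this script mounted; never unload a logged-on user's hive.
        if ($mounted) { & reg.exe unload "HKU\$sid" | Out-Null }

        [pscustomobject]@{ SID = $sid; Profile = $profilePath; Written = $ok }
    }
```

The emitted objects give one row per profile, which can be logged by the package to confirm which hives were actually updated.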
A script to add to the existing user hives would be fine, although I am not entirely sure how to do that, but that's a starting point.
There isn't a concern about a new user logging in, these are single user laptops. It just needs to be installed for the current profile.
Group policy preferences are, unfortunately, not an option for a significant segment of our users who do not log into the domain, or if they do, they do not have DNS registration enabled and so the remote registry fails. I have been tasked to apply this uniformly to all users regardless of their connection.
So you think the issue is that I am trying to write to HKCU, and if I run a regedit in a package to install to the user hives directly that would work?
I made an MSI file to copy my REG files over to the workstation, then had package boot execute the one for HKLM to set up the second to run as Active Setup under the user's context. It worked flawlessly. It was definitely the fact that the package was trying to write to the HKCU hive that was the issue.