539 questions
if this is a kcu key, then user don't need to be admins to edit it. there are no tricks to this use PowerShell and edit the key. the deploy it using user rights.
Update reg key via SCCM
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 67%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENK%3C/text%3E%3C/svg%3E)
N Kerr
6
Reputation points
I would like to use SCCM to push out a reg key. The key to be updated is
HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\common
The app will need to have admin access enabled since the users do not have local admin access on their PCs.
Microsoft Security | Intune | Configuration Manager | Application
Microsoft Security | Intune | Configuration Manager | Other
4,608 questions
4 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 43%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
Gideoney 446 Reputation points2022-11-17T06:23:45.193+00:00 Generally, a user account will have full access to read/write to their own HKCU, and, the LocalSystem account (which ConfigMgr uses when you "install for system") has full access to read/write to HKLM. LocalSystem has no access to a user's HKCU because HKCU for a user is only mounted when that particular user is logged-on.
If you are writing regkeys into HKCU you will need to do it as "install for user" and that user can be expected to have enough permissions to succeed.
-
N Kerr 6 Reputation points
2022-11-18T13:54:39.937+00:00 Do they need to have local admin access in order to have full access to read/write to their own HKCU?
-
Simon Ren-MSFT 40,346 Reputation points Microsoft External Staff2022-11-22T09:25:48.22+00:00 Hi,
Per my experience, no, a user account will have full access to read/write to their own HKCU. Similar threads for your reference:
Rename registry value of client machine through SCCM 2012
How Do I Deploy A reg key via sccm in HKCUThanks for your time. Have a nice day!
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.