I am trying to deploy a user environment variable to computers.  I have an existing package that runs regedit /s "regfile.reg" which specifies an NTLM setting for certain computers, this works via sccm.  I thought well Ill just create another package and do the same thing for the user environment variable.  When i execute the envar.reg file it works, when I have sccm deploy it via mandatory deployment it does not work.  I thought ok ill create a powershell script that will set this value, it does not work either, but will if i execute it.  Why can I not set a reg entry in the HKLU through SCCM but I can an entry in HKLM?  I thought well maybe I need to deploy it to users instead of computers but I couldn't get that to work either.  

Any Ideas??

Is it set to run in the context of the logged in user? Are user rights sufficient?

Hi,

In the programs properties you should choose "Run with User Right's" then it will be run with the users permissions in the user context. This can of course also be an issue, so you can always fall back to using an activesetup instead that then is executed once for each user logging on to the machine.

http://www.itninja.com/blog/view/appdeploy-articles-activesetup

Regards,
Jrgen

Users are not local administrators and I need to set the environment variable for a software license.  Will that still work?

Users are not local administrators and I need to set the environment variable for a software license.  Will that still work?

Generally, a user account will have full access to read/write to their own HKCU, and, the LocalSystem account (which ConfigMgr uses when you "install for system") has full access to read/write to HKLM. LocalSystem has no access to a user's HKCU because HKCU for a user is only mounted when that particular user is logged-on.

So, yes, if you are writing regkeys into HKCU you will need to do it as "install for user" and that user can be expected to have enough permissions to succeed.

I would use activesetup for this, it will then allow you to deploy to a machine instead of a user. The key thing here is though when each user of the machine logs in for the first time it will add in whatever you wanted it to to.

here is an example.

https://social.technet.microsoft.com/Forums/en-US/ab2c56b7-9a8c-4e3d-a7d2-2e2c3961bddc/rename-registry-value-of-client-machine-through-sccm-2012?forum=configmanagerapps

The example is how to rename an existing registry value, what if I need to simply create it?  Its just a user environment variable.

An alternative, if you are operating with domain-member computers, is to use Group Policy Preferences - Environment Variables, which was designed for this exact purpose:

https://technet.microsoft.com/en-us/library/cc770493.aspx

You can also use configuration baselines / items to set HKCU stuff on clients. 

Most of the time for a Current user registry change or access to the user profile like %currentuser%, I have created a Baseline and check the box that says something like "run with current user rights"

Configuration Baselines will modify an existing registry value but I dont think it will create one from what I understand.