Hi all, windows sys admin noob here so apologies if this is a really dumb question!
I’m trying to configure/restrict a non-admin Windows user using Ansible. Since local group policies in Windows are just registry keys, I tried using the win_regedit module to set registry keys in HKCU. I haven’t had success doing this and keep getting “Access Denied” (which makes sense to me because the user should not be able to edit these registry keys himself).
How would I best restrict a non-admin Windows user so that I can, for example, disable the control panel for that user?
Should that have worked? Also tried setting it with the become, but kept getting Access Denied errors (which made sense to me since the user should not be able to change group policy this registry key)
The hive specified by hive is loaded into HKLM:\ANSIBLE so any changed under there will edit that hive. It’s the same as your reg load example except that you chose to load it under HKU:\TempHive. The HKCU key is just a helper shortcut that refers to the current user’s hive, so by editing C:\Users\foo\NTUSER.DAT you’ll be editing HKCU for the foo user when they log in again.