Permission Denied on FileSystemObject.CopyFile even as Administrator

Question

So I'm new to Windows Deployments so I may be doing something basic wrong here. I'm trying to copy a script to a folder in the windows directory during a windows deployment using MDT

Basically what I'm going for is trying to copy a script to the %windir%\\temp\\deploymentscripts folder but I get permission denied even as admin. I'll run through what I think I'm doing

First, elevate to admin
Create %WinDir%\Temp\DeploymentScripts
Copy DefaultShell.vbs to that directory (this is where I get permission denied
Mount ntuser.dat to the registry
Set DefaultShell.vbs to the Run Once for default users
Unmount ntuser.dat

Here's the actual code

Option Explicit 

If WScript.Arguments.length = 0 Then
Dim wshShell : Set wshShell = CreateObject("Shell.Application")
wshShell.ShellExecute "wscript.exe", """" & _
WScript.ScriptFullName & """" &_
 " RunAsAdministrator", , "runas", 1
Else

Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim objShell : Set objShell = WScript.CreateObject("WScript.Shell")
Dim TempDir
Dim ParentDir
Dim FullPath
TempDir = objShell.ExpandEnvironmentStrings("%WinDir%\Temp\DeploymentScripts")

If Not (objFSO.FolderExists(TempDir)) Then
objFSO.CreateFolder (TempDir)
End If

ParentDir = objFSO.GetParentFolderName(Wscript.ScriptFullName)
FullPath = ParentDir & "\DefaultShell.vbs"

objFSO.CopyFile FullPath, TempDir, True

objShell.run "reg load HKU\ZZZ C:\users\default\ntuser.dat"
objShell.RegWrite "HKU\ZZZ\Software\Microsoft\Windows\RunOnce\DefaultShell", _
"WScript.exe" & " " & FullPath, "REG_SZ"
objShell.run "reg unload HKU\ZZZ"

End If

Answer 1

A few things:

1. The tempDir variable was not set right. Add a trailing slash, and this should work. eg:

   TempDir = objShell.ExpandEnvironmentStrings("%WinDir%\\Temp\\DeploymentScripts\\")

2. a. You were pointing to the wrong registry location - you were missing CurrentVersion .

   b. The way you are referencing HKU In the regwrite instruction is likely to cause errors. If it does cause an error, for that line only, change it to read HKEY_USERS insdead of HKU .

   eg:

   objShell.RegWrite "HKEY_USERS\\ZZZ\\Software\\Microsoft\\Windows\\Currentversion\\RunOnce\\defaultshell", _ "WScript.exe" & " " & FullPath, "REG_SZ"

3. To be sure that your script runs in sequence, I've added a couple of StdOut.ReadAll() instructions. Without that, the script will continue processing even if you haven't finished loading the hive yet. I guess it just simply tells the script to wait until the reg command finishes before moving on to the next instruction.

Here's a revised version of your script, with these suggestions incorporated.

Option Explicit 

If WScript.Arguments.length = 0 Then
   Dim wshShell : Set wshShell = CreateObject("Shell.Application")
   wshShell.ShellExecute "wscript.exe", """" & _
   WScript.ScriptFullName & """" &_
   " RunAsAdministrator", , "runas", 1

Else

   Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
   Dim objShell : Set objShell = WScript.CreateObject("WScript.Shell")
   Dim TempDir, ParentDir, FullPath, Regload, Regresp
   TempDir = objShell.ExpandEnvironmentStrings("%WinDir%\Temp\DeploymentScripts\")

   If Not (objFSO.FolderExists(TempDir)) Then
      objFSO.CreateFolder (TempDir)
   End If

   ParentDir = objFSO.GetParentFolderName(Wscript.ScriptFullName)
   FullPath = ParentDir & "\DefaultShell.vbs"
   objFSO.CopyFile FullPath, TempDir, True

   Set regload = objShell.exec ("reg load HKU\ZZZ C:\users\default\ntuser.dat" )
   regresp = regload.StdOut.ReadAll()

   objShell.RegWrite "HKEY_USERS\ZZZ\Software\Microsoft\Windows\Currentversion\RunOnce\DefaultShell", _
   "WScript.exe" & " " & FullPath, "REG_SZ"

   Set regload = objShell.exec ("reg unload HKU\ZZZ")
   regresp = regload.StdOut.ReadAll()

End If