What might be changing these HKCU registry keys?
June 1, 2009 4:21 PM

What might be changing these HKCU registry key values?

On our corporate domain we've increasingly been encountering bizarre, odd-ball problems where the solution is to change the "Cache" values in these registry keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

The "Cache" value contains "C:\Windows\Temporary Internet Files" (a throwback to the Win98 era, I believe) and should contain "C:\Documents and Settings\username\Local Settings\Temporary Internet Files"...as you could imagine, pointing the IE/Explorer browser cache to a non-existent folder can cause all sorts of havoc with the various dependent apps out there.

I haven't seen anything in any of our in-house scripts that can be changing this. We're considering a login script to kludge-over the problem so that we never see it again, but would like to understand it better, hopefully avoiding the process of proactively monitoring the registry across the network to look for the next user profile that gets tweaked. It's not a widespread problem that affects multiple machines at this point. The latest affected machine was just re-imaged due to a completely different issue, and there's no indication that this setting was inherited from the default user registry key.

Just curious if anyone has seen this happen and has any suggestions. I'll try to see if I can gather any more information...we're still running IE6 due to some proprietary apps, and it seems IE6 has become increasingly flaky lately, probably due to the fact that it's an IE7/IE8 world (with a constant flow of security fixes) and Microsoft is increasingly less keen on bending over backwards to support IE6 while fixing security issues in Windows/Office/IE7/IE8.
posted by aydeejones to computers & internet (5 comments total)
Windows Process Monitor (an update to the old SysInternals RegMon) may well be your friend.
posted by holgate at 4:24 PM on June 1


Do you have a Group Policy in place that could have Folder Redirection enabled?
posted by JaredSeth at 4:54 PM on June 1


Comodo Firewall (during install you can decline the tied-in antivirus) is pretty good (too good?) at asking whether you want to let anything change anything in the registry.

SpyBot also comes with something called TeaTimer which will also intercept things that want to change things in your registry and ask if you want to let it happen.
posted by porpoise at 8:16 PM on June 1


A GPO would affect everyone in the OU, every time, so I don't think that's it.

You sure it's not coming from a custom app install or something? Since you already have one machine with the issue, make a new account from the default user and see if it gets the changes. Or copy a new default user from a known good PC. Something is setting it that way. 2nd the regmon suggestion, you'll need that to find it.
posted by anti social order at 6:02 AM on June 2


anti social disorder, we don't know that all the affected machines are actually in the same OU though, since we haven't been given any info about their AD setup.

If these are freshly imaged machines just joined to the domain, maybe that's in their default GPO and the problem would go away once the machines are moved into the appropriate container.

This would be easy enough to check with gpresult.
posted by JaredSeth at 9:40 AM on June 2
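
The condition described in the question (the "Cache" value under both Explorer keys pointing somewhere other than the profile's Temporary Internet Files folder) can be checked at logon without changing anything. This is an added PowerShell example, not code from the thread; the expected path under %USERPROFILE% and the log file name are assumptions.

```powershell
# Added example (not from the thread): report where the per-user "Cache"
# shell-folder value points, without changing it.
# Assumption: the correct target is under %USERPROFILE%, matching the
# "C:\Documents and Settings\username\..." path given in the question.
function Test-CacheShellFolder {
    param(
        [string]$Expected = (Join-Path $env:USERPROFILE 'Local Settings\Temporary Internet Files')
    )
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'
    foreach ($sub in 'Shell Folders', 'User Shell Folders') {
        $raw = $null; $kind = $null; $expanded = $null
        $key = Get-Item -LiteralPath "$base\$sub" -ErrorAction SilentlyContinue
        if ($key) {
            # Read the stored string as-is; User Shell Folders may hold an
            # unexpanded %VARIABLE% (REG_EXPAND_SZ).
            $raw = $key.GetValue('Cache', $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        }
        if ($null -ne $raw) {
            $kind = $key.GetValueKind('Cache')
            $expanded = [Environment]::ExpandEnvironmentVariables([string]$raw).TrimEnd('\')
        }
        # String -eq is case-insensitive, which suits Windows paths.
        if ($null -eq $raw) { $status = 'Missing' }
        elseif ($expanded -eq $Expected.TrimEnd('\')) { $status = 'OK' }
        else { $status = 'Mismatch' }
        [pscustomobject]@{
            Time       = (Get-Date).ToString('s')
            Computer   = $env:COMPUTERNAME
            User       = $env:USERNAME
            Key        = $sub
            Kind       = $kind
            RawValue   = $raw
            Expanded   = $expanded
            PathExists = [bool]($expanded -and (Test-Path -LiteralPath $expanded))
            Status     = $status
        }
    }
}

# Hypothetical log location; point it at a share the logon script can write to.
$LogPath = Join-Path $env:TEMP 'cache-shellfolder-audit.csv'
$results = @(Test-CacheShellFolder)
$results | Format-Table Key, Kind, RawValue, PathExists, Status -AutoSize
$results | Where-Object { $_.Status -ne 'OK' } |
    Export-Csv -Path $LogPath -Append -NoTypeInformation
```

The timestamp on a Mismatch row gives a window to line up against a Process Monitor capture on that machine.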

