rhwimmers
asked on
GPO - registry key change
Trying to insure a certain registry key is set to 1 on all dom. I see in the GPO editor under computer, windows, security - there is a registy area, but itain machines can only get me to the "root" key, I need to have a specific value be changed - for example to disable anonymous enumeration:
hklm\system\ccs\control\ls a then I need to get tot eh restricanonymous key and change it (or make sure it is set to) 1 (for disable)
TIA
hklm\system\ccs\control\ls
TIA
Sounds like remote registry changes service has been disabled for those computers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@Jay - Show off!
You cannot use the Registry section of the Native Group Policy Templates to alter values - only set permissions.
You can script it via a Logon or Startup script called from a GPO, but the best method is to add Jay's newfound tool to the AD so you can modify the registry via Group Policy.
Do NOT accept this as an answer, I'm simply clarifying what has already been provided.
You cannot use the Registry section of the Native Group Policy Templates to alter values - only set permissions.
You can script it via a Logon or Startup script called from a GPO, but the best method is to add Jay's newfound tool to the AD so you can modify the registry via Group Policy.
Do NOT accept this as an answer, I'm simply clarifying what has already been provided.
@Netman - Ha! Good old mkbean and his selection of usefull appz! Got to love it!
ASKER
Thanks - have you used that desktop standard? From what it looks like - you have to install software on every local machine in order for it to work? I guess now that MS bought that company it will be integrated in a later version, but youll also have to pay for the product too!
Ross
Ross
you just install on the server and it adds an extension to AD
Here is your syntax:
Console Registry Tool for Windows - version 3.0
Copyright (C) Microsoft Corp. 1981-2001. All rights reserved
REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]
KeyName [\\Machine\]FullKey
Machine Name of remote machine - omitting defaults to the current
machine Only HKLM and HKU are available on remote machines
FullKey ROOTKEY\SubKey
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
/v The value name, under the selected Key, to add
/ve adds an empty value name <no name> for the key
/t RegKey data types
[ REG_SZ | REG_MULTI_SZ | REG_DWORD_BIG_ENDIAN |
REG_DWORD | REG_BINARY | REG_DWORD_LITTLE_ENDIAN |
REG_NONE | REG_EXPAND_SZ ]
If omitted, REG_SZ is assumed
/s Specify one charactor that you use as the separator in your data
string for REG_MULTI_SZ. If omitted, use "\0" as the separator
/d The data to assign to the registry ValueName being added
/f Force overwriting the existing registry entry without prompt
Examples:
REG ADD \\ABC\HKLM\Software\MyCo
Adds a key HKLM\Software\MyCo on remote machine ABC
REG ADD HKLM\Software\MyCo /v Data /t REG_BINARY /d fe340ead
Adds a value (name: Data, type: REG_BINARY, data: fe340ead)
REG ADD HKLM\Software\MyCo /v MRU /t REG_MULTI_SZ /d fax\0mail
Adds a value (name: MRU, type: REG_MUTLI_SZ, data: fax\0mail\0\0)
REG ADD HKLM\Software\MyCo /v Path /t REG_EXPAND_SZ /d %%systemroot%%
Adds a value (name: Path, type: REG_EXPAND_SZ, data: %systemroot%)
Notice: Use the double percentage ( %% ) inside the expand string