dav-i-son
asked on
Need to deploy a registry setting via Group Policy
Need to deploy the following to all of my workstations, was hoping for through Group Policy:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM \CurrentCo ntrolSet\S ervices\Tc pip\Parame ters\]
"KeepAliveTime"=dword:0012 4f80
I ran it through REG to ADM, and got the following:
CLASS MACHINE
CATEGORY "SYSTEM\CurrentControlSet\ Services\T cpip\Param eters\"
KEYNAME "SYSTEM\CurrentControlSet\ Services\T cpip\Param eters\"
POLICY "KeepAliveTime"
PART "KeepAliveTime"
NUMERIC
VALUENAME "KeepAliveTime"
END PART
END POLICY
END CATEGORY
But when I import the ADM file to a GP object, It just shows on the left side in the tree--no values to configure on the right (I thought I'd see at the very least "Enable / Disable")
Am I missing something stupid?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM
"KeepAliveTime"=dword:0012
I ran it through REG to ADM, and got the following:
CLASS MACHINE
CATEGORY "SYSTEM\CurrentControlSet\
KEYNAME "SYSTEM\CurrentControlSet\
POLICY "KeepAliveTime"
PART "KeepAliveTime"
NUMERIC
VALUENAME "KeepAliveTime"
END PART
END POLICY
END CATEGORY
But when I import the ADM file to a GP object, It just shows on the left side in the tree--no values to configure on the right (I thought I'd see at the very least "Enable / Disable")
Am I missing something stupid?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There used to be a nice tool dor doing this the policy maker registry extention but it is no longer available - for other options see http://www.windowsecurity.com/articles/Pushing-Out-Security-Settings-Configured-Registry.html
ASKER
Pete-
Doesn't that "section" of a GPO just set the security on the key... to use in a case where I want the user to be able to set the _value_ on their own?
When I ran the report on the policy in GPMC, it came up with the security descriptors I set, but didn't mention the value.
Doesn't that "section" of a GPO just set the security on the key... to use in a case where I want the user to be able to set the _value_ on their own?
When I ran the report on the policy in GPMC, it came up with the security descriptors I set, but didn't mention the value.
ASKER
KCTS-
PolicyMaker seems to still do the Registry settings (just installed it), but I'll have a tough time getting funding for licensing 600+ PC's just for one little registry setting. For that, I could do the import just using a script like reg /s keepalive.reg with the contents above in it.
Any other ideas? Thanks though--you were on a close track, I think
PolicyMaker seems to still do the Registry settings (just installed it), but I'll have a tough time getting funding for licensing 600+ PC's just for one little registry setting. For that, I could do the import just using a script like reg /s keepalive.reg with the contents above in it.
Any other ideas? Thanks though--you were on a close track, I think
The policymaker extention I was refering to used to be free - but it seems to have disappeared -!
ASKER
Aww, nuts!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
oBdA-
That worked (to a point)... I need to get the value "1200000" configured. When I tried to enter that, it said the maximum was 9999, and that it would replace my entry w/ that. Any way I can get the ADM file I created (or edit the ADM file) to support an entry of 1200000 ?
Thanks in advance!
That worked (to a point)... I need to get the value "1200000" configured. When I tried to enter that, it said the maximum was 9999, and that it would replace my entry w/ that. Any way I can get the ADM file I created (or edit the ADM file) to support an entry of 1200000 ?
Thanks in advance!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
oBdA-
That did it!
I don't think I have to worry too much about tattooing--I can issue a command to remove the entry, if necessary (as it didn't exist before).
Thanks!
Ken
That did it!
I don't think I have to worry too much about tattooing--I can issue a command to remove the entry, if necessary (as it didn't exist before).
Thanks!
Ken
Hey - something obvious just hit me.
Why not download the two MS files - the enable and disable workaround msi's - and do a software install through the group policy? You'd have to restart your pc's, but, unlike scripts, you could see the thing running on reboot. It is another way to skin the cat . . .
Why not download the two MS files - the enable and disable workaround msi's - and do a software install through the group policy? You'd have to restart your pc's, but, unlike scripts, you could see the thing running on reboot. It is another way to skin the cat . . .
Oh - I haven't test the above yet - but the enable and disable msi's can be downloaded at
http://support.microsoft.com/kb/972890
which is the consumer link
http://support.microsoft.com/kb/972890
which is the consumer link
Sorry - posted to wrong open question.