asasupport
asked on
Deploying reg file through group policy
Hi,
I've been trying to deploy a reg file through group policy over the past few days but without any joy. I've never had to do this before so any help would be much appreciated!
I've followed the instructions on the below link. However, I applied this under the Computer Configuration Node (rather than users), Policies, Windows Settings, Scripts (Startup/Shutdown).
http://blogs.technet.com/b/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx
In the Startup, I have put in the following:
The registry key is below.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Interne t Explorer\MAIN\FeatureContr ol\FEATURE _PROTOCOL_ LOCKDOWN]
"explorer.exe"=dword:00000 001
"iexplore.exe"=dword:00000 001
"*"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Windows \CurrentVe rsion\Inte rnet Settings\RestrictedProtoco ls]
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Windows \CurrentVe rsion\Inte rnet Settings\RestrictedProtoco ls\1]
"mhtml"="mhtml"
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Windows \CurrentVe rsion\Inte rnet Settings\RestrictedProtoco ls\2]
"mhtml"="mhtml"
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Windows \CurrentVe rsion\Inte rnet Settings\RestrictedProtoco ls\3]
"mhtml"="mhtml"
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Windows \CurrentVe rsion\Inte rnet Settings\RestrictedProtoco ls\4]
"mhtml"="mhtml"
I have also dropped the file into the Show Files location.
In the group policy I have Security Filtering enabled. We have created computer security groups which have been assigned to the policy. Authenticated users are also in the Security Filtering.
When I run the Group Policy Modeling Wizard this shows that the GPO is being applied.
Also, when we start up the clients PCs, Resultant Set of Policy is showing the policy as being applied. However, when I got to regedit, it has not made the changes.
We are running Windows 7 PCs and Server 2008 domain controllers.
Am I missing something really simple?
I've been trying to deploy a reg file through group policy over the past few days but without any joy. I've never had to do this before so any help would be much appreciated!
I've followed the instructions on the below link. However, I applied this under the Computer Configuration Node (rather than users), Policies, Windows Settings, Scripts (Startup/Shutdown).
http://blogs.technet.com/b/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx
In the Startup, I have put in the following:
The registry key is below.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWA
"explorer.exe"=dword:00000
"iexplore.exe"=dword:00000
"*"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWA
[HKEY_LOCAL_MACHINE\SOFTWA
"mhtml"="mhtml"
[HKEY_LOCAL_MACHINE\SOFTWA
"mhtml"="mhtml"
[HKEY_LOCAL_MACHINE\SOFTWA
"mhtml"="mhtml"
[HKEY_LOCAL_MACHINE\SOFTWA
"mhtml"="mhtml"
I have also dropped the file into the Show Files location.
In the group policy I have Security Filtering enabled. We have created computer security groups which have been assigned to the policy. Authenticated users are also in the Security Filtering.
When I run the Group Policy Modeling Wizard this shows that the GPO is being applied.
Also, when we start up the clients PCs, Resultant Set of Policy is showing the policy as being applied. However, when I got to regedit, it has not made the changes.
We are running Windows 7 PCs and Server 2008 domain controllers.
Am I missing something really simple?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I think you're blocked by UAC on Windows7 and 2008.
When you run regedit /s on Windows7 computer, without command prompt with elevated privilege, UAC ask you if you want to bring modifications to registry.
I think you have two choices:
- use a batch file to launch regedit /s \\server\share\file.reg
- use commands REG to modify registry (like this: reg add HKCU\software /v test /t REG_DWORD /d 00000002), either directly or in a batch file.
Using Regedit i have the UAC prompt, with Reg commands i haven't it.
You could too disable UAC for all users, but is it really secure?
When you run regedit /s on Windows7 computer, without command prompt with elevated privilege, UAC ask you if you want to bring modifications to registry.
I think you have two choices:
- use a batch file to launch regedit /s \\server\share\file.reg
- use commands REG to modify registry (like this: reg add HKCU\software /v test /t REG_DWORD /d 00000002), either directly or in a batch file.
Using Regedit i have the UAC prompt, with Reg commands i haven't it.
You could too disable UAC for all users, but is it really secure?
Do you prefer to do this with custom ADM template
http://www.frickelsoft.net/blog/?p=62
http://www.frickelsoft.net/blog/?p=62
ASKER
Thanks Krzysztof!! I've managed to crack it!!
I did use the Group Policy Preferences. Went into Computer Configuration>Preferences> Windows Settings>Registry>Right click>New>Registry Wizard
I saved the reg file I needed to deploy to a 32-bit client PC and then drilled down to the file location.
The key then appears in the group policy.
Drill down to the key location. Right click on each entry, Properties, and Replace.
Once again excellent advice from Experts Exchange!
Regards,
Y
I did use the Group Policy Preferences. Went into Computer Configuration>Preferences>
I saved the reg file I needed to deploy to a 32-bit client PC and then drilled down to the file location.
The key then appears in the group policy.
Drill down to the key location. Right click on each entry, Properties, and Replace.
Once again excellent advice from Experts Exchange!
Regards,
Y
I'm glad I could help :) You're welcome :)
Krzysztof
Krzysztof
ASKER
Many thanks Krzysztof!! Using the Group Policy Preferences did the trick. Being a numpty, I used the Registry Wizard.
Many thanks!!
Y
Many thanks!!
Y
Open in new window