How to modify a registry key value using GPO?
I need to add the following registry key and then add the value. How can I accomplish that? I tried adding a new key but it doesn't give me an option to midify the reg key value.
HKLM\SOFTWARE\Microsoft\Wi
SFCDisable=0
HKLM\SOFTWARE\Microsoft\Wi
SFCDisable=0
ASKER
Thanks a lot! I would actually like to give me a chance to do it! If I import an ADM template will it just append the new key entires or will impact them? means merge or replace?
It will replace value specified by you in that policy :)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@Isiek: But it will not replace the other registry keys right?
The GPO where I will import this adm file already has some registry keys added. I want to make sure that this new adm template will not delete or change the other registry keys.
@mkLine71: I'm placed a request to upgrade XP to Windows 7...so right now I can't avail this feature :o( thanks for the link, I also found some from lazyadmin and florian :o)
The GPO where I will import this adm file already has some registry keys added. I want to make sure that this new adm template will not delete or change the other registry keys.
@mkLine71: I'm placed a request to upgrade XP to Windows 7...so right now I can't avail this feature :o( thanks for the link, I also found some from lazyadmin and florian :o)
Nope, it only modifies registry which you specified in GPO. ADM adds new policies but if you don't set them up, they won't modify anything. ADM works as rest of defined Administrative Templates in group policy editor:)
ASKER
I've prepared the adm file and saved it with .adm extension. Could you please cross-check if this meets my requirement:
HKLM\SOFTWARE\Microsoft\Wi
SFCDisable=0 means WFP is active
==========================
CLASS MACHINE
CATEGORY "Windows File Protection"
POLICY "System File Checker Scan"
KEYNAME "HKLM\SOFTWARE\Microsoft\W
VALUENAME "SFCDisable"
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY;
==========================
After that I'll import it to Admin Templates for Comp Config.
HKLM\SOFTWARE\Microsoft\Wi
SFCDisable=0 means WFP is active
==========================
CLASS MACHINE
CATEGORY "Windows File Protection"
POLICY "System File Checker Scan"
KEYNAME "HKLM\SOFTWARE\Microsoft\W
VALUENAME "SFCDisable"
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY;
==========================
After that I'll import it to Admin Templates for Comp Config.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Excellent! That was really helpful! Yup I forgot to remove HKLM (I copied from customer's email by mistake).
One last time (for this Q ;o)) I need your help:
For the key value SFCDisable, can I only live with VALUEOFF NUMERIC 0?
In few websites I found VALUEON is set as 1 and VALUEOFF is set as 0. But here my mistake I interchanged them as the following which is probably not right......Please advice
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
One last time (for this Q ;o)) I need your help:
For the key value SFCDisable, can I only live with VALUEOFF NUMERIC 0?
In few websites I found VALUEON is set as 1 and VALUEOFF is set as 0. But here my mistake I interchanged them as the following which is probably not right......Please advice
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
Great! According to on off :) that's very interesting.
on means action for Enabled
off means action for Disabled
You have to consider which word is adequate for policy and then adjust its value ;)
i.e "Diable access to..."
for logical point of you if you select Enabled then policy will disable something :] and value should be set as 0.
when you set up Disabled it will be Enabled ;) so value 1
It is a little bit crazy but after some time it is acceptable :P
on means action for Enabled
off means action for Disabled
You have to consider which word is adequate for policy and then adjust its value ;)
i.e "Diable access to..."
for logical point of you if you select Enabled then policy will disable something :] and value should be set as 0.
when you set up Disabled it will be Enabled ;) so value 1
It is a little bit crazy but after some time it is acceptable :P
This can be done. You'll need to write a custom ADM template and import it into a GPO.
Here's a KB on how to do so.
http://support.microsoft.com/kb/225087
Here's the group policy website.
http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx
Here's a KB on how to do so.
http://support.microsoft.com/kb/225087
Here's the group policy website.
http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx
ASKER
Thanks! This one I've created.....I've another requirement came with this but little different. I need to create a DWORD.
HKEY_LOCAL_MACHINE\SYSTEM\
DWORD AutoShareServer=0
The following adm file will server my purpose? (I'm not posting a different Q instead increased the points to save time)
==========================
CLASS MACHINE
CATEGORY "Remove Administrative Shares"
POLICY "Remove Administrative Shares"
KEYNAME "SYSTEM\CurrentControlSet\
VALUENAME "AutoShareServer"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY;
==========================
HKEY_LOCAL_MACHINE\SYSTEM\
DWORD AutoShareServer=0
The following adm file will server my purpose? (I'm not posting a different Q instead increased the points to save time)
==========================
CLASS MACHINE
CATEGORY "Remove Administrative Shares"
POLICY "Remove Administrative Shares"
KEYNAME "SYSTEM\CurrentControlSet\
VALUENAME "AutoShareServer"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY;
==========================
Yes, that's OK. But add after VALUENAME <name> NUMERIC
and then you can set
VALUEON 1
VALUEOFF 0
http://support.microsoft.com/kb/225087
Look for first "DWORD" instance :)
and then you can set
VALUEON 1
VALUEOFF 0
http://support.microsoft.com/kb/225087
Look for first "DWORD" instance :)
ASKER
Like this?
==========================
CLASS MACHINE
CATEGORY "Remove Administrative Shares"
POLICY "Remove Administrative Shares"
KEYNAME "SYSTEM\CurrentControlSet\
VALUENAME "AutoShareServer" NUMERIC
VALUEON 1
VALUEOFF 0
END POLICY
END CATEGORY;
==========================
CLASS MACHINE
CATEGORY "Remove Administrative Shares"
POLICY "Remove Administrative Shares"
KEYNAME "SYSTEM\CurrentControlSet\
VALUENAME "AutoShareServer" NUMERIC
VALUEON 1
VALUEOFF 0
END POLICY
END CATEGORY;
Yes, like this. Check if it works.
I found in my template that I used it this way :/
VALUENAME "AutoShareServer"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
so, maybe I'm wrong stating that VALUENAME <name> NUMERIC is correct :/
I found in my template that I used it this way :/
VALUENAME "AutoShareServer"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
so, maybe I'm wrong stating that VALUENAME <name> NUMERIC is correct :/
ASKER
Oh okay...let me try. if this works then super cool :o)
Thanks a lot for helping me out :)
Thanks a lot for helping me out :)
You're welcome :)
ASKER
Whoo hoo!!! That works :o)
Thank you :)
Thank you :)
You're welcome :)
If you want to I would prepare it for you ?