Distributing Registry Changes with administrative rigths

Posted on 2003-12-02
Last Modified: 2012-05-04

i'm trying to Distribut Registry Changes on client computers (w2k) using an login.bat script

regedit /s \\Serveurbd\SYSVOL\\scripts\OutlookSettings.reg

When the computers execute the script, the get an error message saying that they don't have access to the registry... I suppose it's because they don't have administrative rights on the local computers....

Is there some other way of installing the reg file without changing the local rights on the computers????

Question by:bobsensor
  • 2
  • 2
  • 2
  • +2
LVL 10

Expert Comment

ID: 9859879
Administrative Templates under Group Policies allow administrators to use existing ADM files or custom written ADM files to apply registry changes to HKLM and HKCU.

This feature was called System Policies under Windows NT. Microsoft may have written an ADM file for your Outlook version that applies the required registry changes.

Outlk10.adm is the ADM for Outlook 10. See or Google for Outlook ADM.

LVL 16

Expert Comment

ID: 9861347

Expert Comment

ID: 9864241
Ryan is right on as long as you have a W2K DC to deploy the GPO with. I ran into a similar issue deploying SMS where we decided to define the Client Access Point by creating our own ADM file with the correct registry settings and then loading the GPO on each OU.

That stupid Outlook Security Update that blocks the attachments is a real pain in the rear.

If you need anymore help getting that out, let us know.

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.


Author Comment

ID: 9866338
the purpose of deploying the regestry file, is to add & set the registry key "CheckAdminSettings" to "1" so that outlook check's in the puplic folders to see if the "Outlook Security Settings" is existant. In that folder, I have a file named "Default Security Settings" that alows outlook to use forms with object model, cdo & mapi... without asking the virus question....

that works great!!!.... but the deploying part is where i'm having problems...

- deploying reg file with login script gives me administrative rights problems on client computers (w2k)

- i've also tryed using gpo from dc (w2ks) with the Outlk10.adm ADM but I can't find the part that would set the "CheckAdminSettings" key to "1"??? i'm missing something????


Expert Comment

ID: 9866457
What you have to do is create your own .ADM template that you can Add into the Group Policies. Check out the following article from Microsoft:;en-us;323639

Basically, you stick your registry settings and options in the .ADM file. Add the .ADM template to an object in the group policy. Create a new group policy and the new folder for setting the Outlook Security Settings should now be available. You can set your key to 1 in the Group Policy Editor and then save your changes. Make sure that GPO is applied to the object your users will fall under (OU, Domain, etc)

We've actually just migrated off of NT 4.0 so I will probably do this tonight as well. If you have anymore questions or are having a hard time writing the ADM file, let us know.

LVL 57

Expert Comment

by:Pete Long
ID: 9868795
HOw to distribute a Registry Change

From Wondows 2000 Magazine April 2001

You can use one of three methods: imported registration (.reg) files, regini.exe, or group or system policies.

***Option 1: Create or Export Registration Files ***

You can distribute .reg files that users can then import into the registries of target computers. All you need to do is create—or use regedit to export, then edit—the .reg files, then distribute them. (Registration files have one serious shortcoming, however: They can't delete anything in the registry. Format the registration file's contents as follows:

<Blank line>

Is whichever version of regedit.exe you're using. This entry identifies the file as a registration file. Regedit automatically adds this information when you export a .reg file, but you must manually enter the information when you create a .reg file. For Windows 2000, the RegistryEditorVersion is Windows Registry Editor Version 5.00; for NT 4.0, the version is Regedit4.

Blank line
Identifies the beginning of a new registry path. (Each individual key or subkey is a new registry path.) When you export a key, the .reg file displays a blank line before each key or subkey. If you have multiple keys in your .reg file, blank lines can help you examine and troubleshoot the contents. (Microsoft's instructions state that the blank line is necessary. However, when I create .reg files and inadvertently forget the blank lines, the files still merge successfully.)

Is the path to the key that holds the values you're importing. Enclose the path in square brackets, and separate each level of the hierarchy by a backslash—for example, [HKEY_LOCAL_ MACHINE\SOFTWARE\Policies\Microsoft\ Windows\System]. A .reg file can contain multiple registry paths.
When the bottom of the hierarchy that you enter in the path statement doesn't exist in the registry, you're creating a new subkey. Registry files' contents are sent to the registry in the order in which you enter them. Therefore, if you want to create a new key and a subkey below that key, be sure to enter the lines in the proper order. (However, the only reason to create new keys is because you've written software that looks for those keys. Creating new keys isn't a task you perform for system maintenance.)

Is the data item you want to import. When a data item in your file doesn't exist in the registry, the .reg file adds it (with its value). When a data item does exist, the value in your .reg file overwrites the existing value. Quotation marks enclose the name of the data item. An equal sign (=) immediately follows the name of the data item.  

(i.e., the imported item's data type) immediately follows the equal sign, unless the data type is of REG_SZ (REG_SZ types are strings). For all data types other than REG_SZ, a colon immediately follows the data type. Table 1 shows the entries for five common data types. (Nine data types exist, but the types in Table 1 are likely to be the only ones you'll use for system maintenance.) For information about these data types, see the sidebar "Registry Data Types" (see below).

Data Type         Registration File DataType Entry
REG_BINARY        hex

REG_DWORD         dword

REG_EXPAND_SZ     hex(2)

REG_MULTI_SZ      hex(7)

REG_SZ            none

(i.e., the value you want to import) immediately follows the colon and must be in the appropriate format (i.e., string or hexadecimal—use hex format for binary data items). You can enter multiple data-item lines for the same registry path. For example, the data-item lines


reflect the hex entries that these data items require: 00000014 is the hex equivalent of 20, and 0000000f is the hex equivalent of 15. If you're uncomfortable with hex or other nonreadable data, restrict your .reg file creation efforts to items that are neither binary nor hex format.
The registry doesn't have a Boolean data type (although it should, and I can't believe Microsoft hasn't gotten around to this yet). However, Boolean type data is usually a DWORD (4 byte) or String (2 byte) item type in the registry. If you're using your .reg file to change values, check the data item in the registry to make sure you match the data type. You don't need to enter the full string in your .reg file; you can omit leading zeros for all numeric values.

****A Registration File Drawback ****

Registration (.reg) files can't delete anything in the registry

****Heres an Example*****

Windows Registry Editor Version 5.00


****Option 2: Get More Editing Power with Regini.exe*****
If scripts are your favorite tools for configuration and setup tasks, you can use regini.exe to apply your scripting skills to registry edits. Regini provides more power than .reg files can muster, including the ability to delete subkeys and data items and to set permissions on registry keys. You can find Regini in the Microsoft Windows 2000 Server Resource Kit and the Microsoft Windows NT Server 4.0 Resource Kit. (I've successfully used the Windows 2000 version of regini.exe on NT machines, and vice versa.) The resource kits also contain full documentation (i.e., regini.doc) for this nifty utility. Regini uses the following syntax:

regini <ScriptFileName>

where ScriptFileName is the path to a script file you've written to perform a specific registry edit. You can use Uniform Naming Convention (UNC) in the path statement if the script is on a network share.

To distribute registry changes that use Regini, you must make the program available to each target computer (assuming that you haven't installed the resource kits across your enterprise). You can use a batch file to map Regini's UNC path and then run the program. For example, if Regini resides on a network share named ResKit on a server named Tools1, you can create the following batch file:

Net use x: \\tools1\reskit
x:\ regini <ScriptFileName>
Net use x: /delete

Regini Features
Regini gives you several options for data manipulation. For example, DELETE is a regini.exe keyword that requires only the name of the data item. To remove a data item, enter the following syntax as the second (i.e., data item) line of your script:

DataItemName = DELETE

Putting It All Together
As an example of a complete command, review the following script. This command changes computer settings so that the most recent user's name doesn't appear in the Logon dialog box.

DontDisplayLastUserName = REG_DWORD 1

*****Option 3: Use Policies *****

You can also distribute registry changes by creating system policies that manipulate the registries of target users. The process you use varies between Windows 2000 (which uses the Microsoft Management Console—MMC—GPE snap-in) and earlier versions of Windows (which use SPE), but in either case, you can build administration (.adm) files to send registry changes to selected computers.

The easiest way to create an .adm file is to use an existing .adm template as a starting point. Templates are text files, and you can open them in Notepad or any text editor. Before you do anything with existing templates, back up the originals. When you modify a template, save the new version with a new filename, even if you've backed up the original. And you must test your new .adm files in a lab environment before you unleash your creation on the enterprise. (See Reader to Reader, ".adm Files and the Headaches They Can Cause," October 1999, for a description of the consequences you might face if you ignore this advice.)

Of course, to implement a registry change through an .adm template, you need to know which registry key to target. The resource kits' registry documentation is rather sparse. To learn my way around the registry, I used a lab environment to plunge in and make system changes with existing policies and Control Panel applets. I used Sysinternals' regmon.exe (available from ) to track the resulting registry changes. Eventually, I learned quite a bit about the registry's organization and registry entries' data types.

Where are the Administrative Templates (ADM) located?


HOW TO: Add, Modify, or Delete Registry Subkeys and Values by Using a Registration Entries (.reg) File

Distributing Registry Changes

Specify a Script to Run on Startup Shutdown Logon Logoff
LVL 16

Accepted Solution

JammyPak earned 125 total points
ID: 9868982
Hi PeteLong, I think you just retyped (or at least cut and pasted) the article I linked to above

LVL 57

Expert Comment

by:Pete Long
ID: 9877218
Curses, I thought Id left the link of for a second as well :0) You are correct, my appologies


Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes a user will call me frantically, explaining that something has gone wrong and they have tried everything (read - they have messed it up more and now need someone to clean up) and it still does no good, can I help them?!  Usually the standa…
In a recent article here at Experts Exchange (, I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question