Priscilla_Hora


Import registry key through Group Policy

I want to import a registry key to all users on my network (approx. 130 PCs/notebooks).
I have created a TEST OU and added the registry file under User Configuration | Windows Settings | Scripts (Logon/Logoff) | Logon.

The script parameter is: regedit /s XXXXXX.reg

This works fine...

My problem is that when the user logs onto the PC, it prompts them to add the key to the registry. They have the option of Yes/No.
I don't want this to happen. I want the process to be automatic, with no user interaction.
I don't want the user to know that this is happening in the background.

How can I achieve this from GP?

Thanks
Priscilla

 
MPSiddall

Try adding the registry entries with a script

Create a file called script.vbs and execute this through the Group Policy. The example below resets DCOM permissions but you can add any other type of registry key.

Set WshShell = WScript.CreateObject("WScript.Shell")

      
call Writelog("MESSAGE INTO EVENT LOG",0)
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM", "Y"
WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous", 2 ,"REG_DWORD"


Function WriteLog(strMsg,strType)
      'Types can be
      '0 - Information
      '1 - Error
      '2 - Warning
      
      Set WshLOG = CreateObject("WScript.Shell")
      WshLOG.LogEvent strType, strMsg
      Set WshLOG = Nothing
end Function

OR if the registry file is complicated you may want to try


Dim txtStream
Set oFS = CreateObject("Scripting.FileSystemObject")
Set txtStream = oFS.CreateTextFile("C:\winnt\temp\VNC.fil",true)
Set WshShell = WScript.CreateObject("WScript.Shell")
call Writelog("Setting VNC Settings",0)


'emulate the registry file here

txtStream.WriteLine("REGEDIT4")
txtStream.WriteLine("[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4]")
txtStream.WriteLine(Chr(34) & "Password" & chr(34) &"=hex:87,1b,f9,95,32,46,48,2a")
txtStream.Close

WshShell.Run "regedit /s c:\winnt\temp\VNC.fil", 1, true



Function WriteLog(strMsg,strType)
      'Types can be
      '0 - Information
      '1 - Error
      '2 - Warning
      
      Set WshLOG = CreateObject("WScript.Shell")
      WshLOG.LogEvent strType, strMsg
      Set WshLOG = Nothing
end Function


Both solutions work, but the choice is yours. The only problem with the first method is you can't write HEX values; well, I can't anyway.

HTH

Martin

If you have access to the domain controllers you can create a custom .adm template; see MS KB816662 (http://support.microsoft.com/?kbid=816662) for starters. Also, when using that particular section of GPEdit make sure you put the program on the first line (Script Name) and the parameters on the second line (Script Parameters). It doesn't appear to pass properly if you put everything on the program line.

Having said that though, the simplest way to do this is probably to put a .CMD file in the same folder as the reg file. Just run the regedit from the .cmd file. This has the added advantage of allowing you to check to see if the file has already run (so you don't keep adding the key every time they log in). I've included a sample script at the end of this post. Try pasting this text into notepad and saving it with a .cmd extension (make sure notepad doesn't append .txt to the end). Just replace the X's with the name of your registry file. This script is designed to run once per machine; if you want it run once per user (or if the people in your organization don't have write access to the Windows folder) change the file location to %Temp% (for instance, line 2 would read "IF EXIST "%Temp%\XXXXXX" GOTO Skip").

@ECHO OFF
IF EXIST "C:\Windows\XXXXXX" GOTO Skip
REGEDIT /S "XXXXXX.reg"
ECHO Registry file XXXXXX added > "C:\Windows\XXXXXX"
Date /t >> "C:\Windows\XXXXXX"

:Skip
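
A run-once wrapper along the lines of the .cmd approach above, as an added example that is not part of the original post: it calls reg import on the file in the script's own folder and writes the marker only after the import succeeds. The marker and log locations are assumptions; XXXXXX is the thread's placeholder.

```batch
@ECHO OFF
REM Added example (not from the thread): silent, run-once import for a GPO logon script.
REM Set this .cmd as the Script Name and leave Script Parameters empty. Pointing
REM Script Name at the .reg file itself opens it through its file association
REM (regedit without /s), and that is what shows the Yes/No confirmation.
SETLOCAL

REM Assumed names: XXXXXX is the page's placeholder; marker and log paths are hypothetical.
SET "REGFILE=%~dp0XXXXXX.reg"
SET "MARKER=%APPDATA%\XXXXXX.imported"
SET "LOGFILE=%TEMP%\XXXXXX-import.log"

REM Once per user: the marker lives in the user's profile, so no write access
REM to C:\Windows is needed.
IF EXIST "%MARKER%" GOTO Done

REM %~dp0 is this script's own folder, so the import does not depend on the
REM working directory the logon script happens to start in.
IF NOT EXIST "%REGFILE%" GOTO Missing

REM reg.exe is a console tool and shows no dialog; keep its output for troubleshooting.
REG IMPORT "%REGFILE%" >> "%LOGFILE%" 2>&1
IF ERRORLEVEL 1 GOTO Failed

REM Write the marker only after a successful import, so a failure is retried
REM at the next logon instead of being skipped from then on.
>> "%LOGFILE%" ECHO %DATE% %TIME% imported "%REGFILE%"
> "%MARKER%" ECHO imported %DATE% %TIME%
GOTO Done

:Missing
>> "%LOGFILE%" ECHO %DATE% %TIME% not found: "%REGFILE%"
ENDLOCAL
EXIT /B 2

:Failed
>> "%LOGFILE%" ECHO %DATE% %TIME% REG IMPORT failed for "%REGFILE%"
ENDLOCAL
EXIT /B 1

:Done
ENDLOCAL
EXIT /B 0
```

The .reg file shown later in the thread targets HKEY_CLASSES_ROOT, so the import needs write access to HKLM\Software\Classes unless the key already exists under HKCU\Software\Classes.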

ASKER CERTIFIED SOLUTION
harleyjd

This solution is only available to members.
Priscilla_Hora

ASKER

Oh wow.. Thanks for all the replies. But this all seems too complex.
There must be an easier way.

I ended up using KiXtart (a logon script)... Until I figure out an easier way to do the same thing using GP.

Here is the code -

; Open word document outside of IE

WriteValue ("HKEY_CLASSES_ROOT\Word.Document.8", "BrowserFlags", "00000008", REG_DWORD)

      if @ERROR = 0
              ?" Successfully patched for IE Open word document in new window. "
      ELSE
              ?" Failed to patch IE Open word document in new window. "
      endif

I would love to hear from others. Have you achieved this through GP?  Using a simple script parameter? Or something simpler than the other replies?

Thanks

What can be more simple than "reg import <regfile name>"?

It's exactly what you were doing in the first place, but doesn't prompt y/n


Harleyjb

It doesn't work. The message "Are you sure you want to add the information in "\\server\share\WordNewWindow.reg" to the registry?" still pops up.

My Script name is: \\server\sahre\WordNewWindow.reg
Script Parameter is: reg import WordNewWindow.reg

What am I doing wrong?

If I run the reg import command from the command prompt it completes successfully. But when run from GP/Logon it prompts the user..

Any ideas?

Well, you got me scratching my head now.

Have you tried it through the user login script as opposed to the GP script?
Are the users local admins on the workstations?

Does it happen when you log in as an administrative user?

Is this something you want to happen once off, or is it ongoing?

Yes. All my users are local admins.
I would like the key to be changed once only.

Ok - one Q you didn't answer - have you tried it through the user login script as opposed to the GP script?

I realise that's not the point of what you are doing - but I have that exact same command running in user login scripts as well as from the command line *without* the prompt, so I'm trying to see if it's your Group Policy or any scripting that fails...

While you're at it - post up some of the .reg file - maybe there's something there that's worth a look.

It works fine under the user logon script (kix)
I'm using: WriteValue ("HKEY_CLASSES_ROOT\Word.Document.8", "BrowserFlags", "00000008", REG_DWORD)

My .reg file looks like:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Word.Document.8]
@="Microsoft Word Document"
"EditFlags"=dword:00010000
"BrowserFlags"=dword:00000008

So in your case you have the *.reg file saved on a network share.
Under GP, User configuration | Windows Settings | Scripts (Logon/Logoff) | Logon
What is your script name? script parameter?




In the script try:

cmd /c reg merge regfile.reg

or

cmd /c regedit /s regfile.reg

I doubt it will help, but it's worth a shot. :)

I'm using a standard login script, there's no special entries or settings, it just works for me...

heh, give a man a fish... :)

Arggh forget it..

Nothing seems to work as I want it to!

Never mind... Thank you so much for your help. I really appreciate it.