Solved

Import registry key through Group Policy

Posted on 2004-09-12
17
869 Views
Last Modified: 2008-02-26
I want to import a registry key to all users on my network (approx. 130 PCS/Notebooks).
I have created a TEST OU, I added the registry file under User configuration | Windows Settings | scripts (logon/logoff) | Logon

The script parameter is: regedit /s XXXXXX.reg

This works fine...

My problem is that when the user logs onto the PC, it prompts them to add the key to registry. The have the option of Yes/No.
I don't want this to happen. I want the process to be automatic, with no user interaction.
I don't want the user to know that this is happening in the background.

How can I achieve this from GP?

Thanks
Priscilla

 
0
Comment
Question by:Priscilla_Hora
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
  • 2
  • +1
17 Comments
 

Expert Comment

by:MPSiddall
ID: 12043130
Try adding the registry entries with a script

create a file called script.vbs and execute this through the Group Policy. The example below resets DCOM permissions but you can add any other type of regitry key.

Set WshShell = WScript.CreateObject("WScript.Shell")

      
call Writelog("MESSAGE INTO EVENT LOG",0)
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM", "Y"
WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous", 2 ,"REG_DWORD"


Function WriteLog(strMsg,strType)
      'Types can be
      '0 - Information
      '1 - Error
      '2 - Warning
      
      Set WshLOG = CreateObject("WScript.Shell")
      WshLOG.LogEvent strType, strMsg
      Set WshLOG = Nothing
end Function

OR if the registry file is complicated you may want to try


Dim txtStream
Set oFS = CreateObject("Scripting.FileSystemObject")
Set txtStream = oFS.CreateTextFile("C:\winnt\temp\VNC.fil",true)
Set WshShell = WScript.CreateObject("WScript.Shell")
call Writelog("Setting VNC Settings",0)


'emulate the registry file here

txtStream.WriteLine("REGEDIT4")
txtStream.WriteLine("[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4]")
txtStream.WriteLine(Chr(34) & "Password" & chr(34) &"=hex:87,1b,f9,95,32,46,48,2a")
txtStream.Close

WshShell.Run "regedit /s c:\winnt\temp\VNC.fil", 1, true



Function WriteLog(strMsg,strType)
      'Types can be
      '0 - Information
      '1 - Error
      '2 - Warning
      
      Set WshLOG = CreateObject("WScript.Shell")
      WshLOG.LogEvent strType, strMsg
      Set WshLOG = Nothing
end Function


Both solutions work, but the choice is yours. The only problem with the first method is you can't write HEX values , well I can't anyway.

HTH

Martin
0
 
LVL 5

Expert Comment

by:jmacmicking
ID: 12043236
If you have access to the domain controllers you can create a custom .adm template; see MS KB816662 (http://support.microsoft.com/?kbid=816662) for starters.  Also, when using that particular section of GPEdit make sure you put the program on the first line (Script Name) and the parameters on the second line (Script Parameters).  It doesn't appear to pass properly if you put everything on the program line.  

Having said that though, the simplest way to do this is probably to put a .CMD file in the same folder as the reg file.  Just run the regedit from the .cmd file.  This has the added advantage of allowing you to check to see if the file has already run (so you don't keep adding the key every time the login).  I've included a sample script at the end of this post.  Try pasting this text into notepad and saving it with a .cmd extension (make sure notepad doesn't append .txt to the end).  Just replace the X's with the name of your registry file.  This script is designed to run once per machine; if you want it run once per user (or if the people in your organization don't have write access to the Windows folder) change the file location to %Temp% (for instance, line 2 would read "IF EXIST "%Temp%\XXXXXX" GOTO Skip"

@ECHO OFF
IF EXIST "C:\Windows\XXXXXX" GOTO Skip
REGEDIT /S "XXXXXX.reg"
ECHO Registry file XXXXXX added > "C:\Windows\XXXXXX"
Date /t >> "C:\Windows\XXXXXX"

:Skip

0
 
LVL 15

Accepted Solution

by:
harleyjd earned 300 total points
ID: 12043314
reg import \\server\share\keys.reg

add that to the login script.
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 

Author Comment

by:Priscilla_Hora
ID: 12049910
Oh wow.. Thanks for all the replies. But this all seems too complex.
There must be an easier way.

I ended up using KiXtart (a logon script)... Until I figure out an easier way to do the same thing using GP.

Here is the code -

; Open word document outside of IE

WriteValue ("HKEY_CLASSES_ROOT\Word.Document.8", "BrowserFlags", "00000008", REG_DWORD)

      if @ERROR = 0
              ?" Successfully patched for IE Open word document in new window. "
      ELSE
              ?" Failed to patch IE Open word document in new window. "
      endif

I would love to hear from others. Have you achieved this through GP?  Using a simple script parameter? Or something simpler than the other replies?

Thanks

0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12050038
what can be more simple than "reg import <regfile name>"

It's exaclty what you were doing in the first place, but doesn't prompt y/n


0
 

Author Comment

by:Priscilla_Hora
ID: 12050179
Harleyjb

It doesn't work. The message "Are you sure you want to add the information in "\\server\share\WordNewWindow.reg" to the registry?" still pops up.

My Script name is: \\server\sahre\WordNewWindow.reg
Script Parameter is: reg import WordNewWindow.reg

What am I doing wrong?

If I run the reg import command from the command promt it completes sucessfully. But when run from GP/Logon It prompts the user..

Any ideas?
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12050373
well you got me scratching my head now .

have you tried it through the user login script as opposed to the GP script?
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12050736
Are the users local admins on the workstations?

Does it happen when you log in as an administrative user?

Is this something you want to happen once off, or is it ongoing?

0
 

Author Comment

by:Priscilla_Hora
ID: 12050760
Yes. All my users are local admins.
I would like the key to be changed once only.
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12051163
Ok - one Q you didn't answer - have you tried it through the user login script as opposed to the GP script?

I realise that's not the point of what you are doing - but I have that exact same command running in user login scripts as well as from the command line *without* the prompt, so I'm trying to see if it's your Group Policy or any scripting that fails...

0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12051166
While you're at it - post up some of the .reg file - maybe there's something there that's worth a look.
0
 

Author Comment

by:Priscilla_Hora
ID: 12051617
It works fine under the user logon script (kix)
Im using: WriteValue ("HKEY_CLASSES_ROOT\Word.Document.8", "BrowserFlags", "00000008", REG_DWORD)

My .reg file looks like:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Word.Document.8]
@="Microsoft Word Document"
"EditFlags"=dword:00010000
"BrowserFlags"=dword:00000008

So in your case you have the *.reg file saved on a network share.
Under GP, User configuration | Windows Settings | Scripts (Logon/Logoof) | Logon
What is your script name? script parameter?




0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12051900
in the script try:

cmd /c reg merge regfile.reg

or

cmd /c regedit /s regfile.reg

I doubt it will help, but it's worth a shot. :)

0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12051903
I'm using a standard login script, there's no special entries or settings, it just works for me...

0
 

Assisted Solution

by:MPSiddall
MPSiddall earned 20 total points
ID: 12052051
Arrrrrrgggggghhhh !! not kikstart .

I have taken your reg entries and added to a .vbs script which can be run directly from the GPO.

Dim txtStream,tmpFile,strInput

tmpFile = "c:\winnt\temp\word.fil"

Set oFS = CreateObject("Scripting.FileSystemObject")
Set txtStream = oFS.CreateTextFile(tmpFile,true)
Set WshShell = WScript.CreateObject("WScript.Shell")

'Read param that should have been set

strInput = WshShell.RegRead ("HKEY_CLASSES_ROOT\Word.Document.8\BrowserFlags")

' If param different from what it should be then insert the reg file

If strInput <> 8 then

      call Writelog("Setting Word Document Settings",0)

      txtStream.WriteLine("REGEDIT4")
      txtStream.WriteLine("[HKEY_CLASSES_ROOT\Word.Document.8]")
      txtStream.WriteLine("@=" & chr(34) & "Microsoft Word Document" & chr(34))
      txtStream.WriteLine(chr(34) & "EditFlags" & chr(34) & "=dword:00010000")
      txtStream.WriteLine(chr(34) & "BrowserFlags" & chr(34) & "=dword:00000008")
      txtStream.Close

      WshShell.Run "regedit /s " & tmpFile, 1, true
else
      call Writelog("Word Document Settings Allready Set",0)

end if

Function WriteLog(strMsg,strType)
      'Types can be
      '0 - Information
      '1 - Error
      '2 - Warning
      
      Set WshLOG = CreateObject("WScript.Shell")
      WshLOG.LogEvent strType, strMsg
      Set WshLOG = Nothing
end Function

HTH

Martin


0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12052117
heh, give a man a fish... :)

0
 

Author Comment

by:Priscilla_Hora
ID: 12059934
Arggh forget it..

Nothing seems to work as I want it to!

Nevermind... Thank You soo much for you help. I really appreciate it.

0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Just changed my 2000 Server DCs IP now what 3 411
Virtualise server 2000 for Hyper V 4 861
Windows 2000 Print Server 2 1,058
VMware:  Latest Tools version for Windows 2000 Guest 3 267
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question