Windows 2000 Server Custom Group Policy

I am having problems with the custom group policy below.  I don't get a dropdown box for !!ResetBroken after I have imported the policy into AD.


      KEYNAME "System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

   POLICY !!TermServSettings

      KEYNAME "System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"      
      EXPLAIN !!TerminalServicesTimeoutPolicy  
            VALUENAME fInheritResetBroken
                    NAME !!Default VALUE NUMERIC 1 DEFAULT
                    NAME !!BlockInherit VALUE NUMERIC 0
              END ITEMLIST
        END PART



categoryname="Terminal Services Settings"
policyname="Configure Terminal Services Timeout"
explaintext="This Policy Allows You to Set Terminal Services Remote Desktop Timeouts"
ResetBroken="Disable Inherit of ResetBroken"
Default="Windows Default Setting"
BlockInherit="Tweaked Setting"
TermServ="Terminal Services Remote Desktop Policy - DCC"
TerminalServicesTimeoutPolicy="Allows the alteration of Terminal Services Settings"
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:

Does the policy appear at all?

What you have above imports and is configurable here (displaying all components). For reference this machine is running Windows XP SP2 and Microsoft Group Policy Management Console.

If you don't have the policy listed at all, select and right click Administrative Templates (Machine version), go to View, Filtering and remove the tick from:

"Only show policy settings that can be fully managed"
Chris DentPowerShell DeveloperCommented:

One more thought, different versions of gpedit.msc have different issues, so perhaps try:

VALUENAME "fInheritResetBroken"
Chris DentPowerShell DeveloperCommented:

Oh, you also only need to define KEYNAME once. That can be either within the policy itself or under the category statement depending on where you are using it.
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

dccdesktopAuthor Commented:
The policy 'Terminal Services Remote Desktop Policy - DCC' part appears but we don't get anything inside it.    We origionally tried it with only one KEYNAME, but after looking at various custom scripts on the net we tried two with no effect.  VALUENAME "fInheritResetBroken" does not work either.  The only other thing which we were wondering about is that other custom scripts are using the SOFTWARE key and we are using SYSTEM key.

This is only part of what we actually want to do, but we can't even get one box to work.  The full policy is eventually going to be applied to all of our domain controllers and file servers so that it disconnects inactive / disconnected remote desktop session after 15 minutes as we keep on running out of free sessions.  Although this can easily be configured manually we went for the group policy idea as it means no servers would be missed and we THOUGHT it wouldn't take very long.
Chris DentPowerShell DeveloperCommented:

If the policy doesn't appear at all then you need to turn off the filter for fully managed policies (as described in my first post - but for reference here again).

Select and right click Administrative Templates (Machine version / Computer Configuration version), go to View, Filtering and remove the tick from:

"Only show policy settings that can be fully managed"

Fully Managed refers to the ability of Group Policy to restore an original setting or remove a policy setting from the registry when the Policy itself is set to Not Configured, or the machine (in this case) is moved to a location uneffected by the policy.

Basically, if the computer object is ever effected by this policy the settings will remain in place until the reverse of the policy is set (either disabled or, in your case, the drag down box) or the value is manually changed or removed.

Let me know if that doesn't make sense.
Chris DentPowerShell DeveloperCommented:

Incidently, there's no problem using the system key. You can alter any registry value under either the HKey_Current_User Hive or the HKey_Local_Machine Hive with ADM files.
Chris DentPowerShell DeveloperCommented:

Oh, and just to confirm.

When I say policy I mean the policy entry that appears under the categories you've defined. The categories themselves will appear regardless of whether you have the filter set or not (and it is set by default - and will set every time you load up gpedit).
Chris DentPowerShell DeveloperCommented:

One day I'll remember to post everything in one post rather than adding extra comments all over the place ;)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dccdesktopAuthor Commented:
Thanks that worked.
Chris DentPowerShell DeveloperCommented:

Glad it helped :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.