[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows 2000 Server Custom Group Policy

Posted on 2004-11-29
10
Medium Priority
?
601 Views
Last Modified: 2010-05-19
I am having problems with the custom group policy below.  I don't get a dropdown box for !!ResetBroken after I have imported the policy into AD.

CLASS MACHINE

CATEGORY !!TermServ
      KEYNAME "System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

   POLICY !!TermServSettings
      

      KEYNAME "System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"      
      EXPLAIN !!TerminalServicesTimeoutPolicy  
      PART !!ResetBroken      DROPDOWNLIST REQUIRED
            VALUENAME fInheritResetBroken
            ITEMLIST
                    NAME !!Default VALUE NUMERIC 1 DEFAULT
                    NAME !!BlockInherit VALUE NUMERIC 0
              END ITEMLIST
        END PART


   END POLICY



END CATEGORY


[strings]
categoryname="Terminal Services Settings"
policyname="Configure Terminal Services Timeout"
explaintext="This Policy Allows You to Set Terminal Services Remote Desktop Timeouts"
ResetBroken="Disable Inherit of ResetBroken"
Default="Windows Default Setting"
BlockInherit="Tweaked Setting"
TermServ="Terminal Services Remote Desktop Policy - DCC"
TermServSettings="Terminal"
TerminalServicesTimeoutPolicy="Allows the alteration of Terminal Services Settings"
                  
0
Comment
Question by:dccdesktop
  • 8
  • 2
10 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12695888

Does the policy appear at all?

What you have above imports and is configurable here (displaying all components). For reference this machine is running Windows XP SP2 and Microsoft Group Policy Management Console.

If you don't have the policy listed at all, select and right click Administrative Templates (Machine version), go to View, Filtering and remove the tick from:

"Only show policy settings that can be fully managed"
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12695921

One more thought, different versions of gpedit.msc have different issues, so perhaps try:

VALUENAME "fInheritResetBroken"
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12696006

Oh, you also only need to define KEYNAME once. That can be either within the policy itself or under the category statement depending on where you are using it.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:dccdesktop
ID: 12696177
The policy 'Terminal Services Remote Desktop Policy - DCC' part appears but we don't get anything inside it.    We origionally tried it with only one KEYNAME, but after looking at various custom scripts on the net we tried two with no effect.  VALUENAME "fInheritResetBroken" does not work either.  The only other thing which we were wondering about is that other custom scripts are using the SOFTWARE key and we are using SYSTEM key.

This is only part of what we actually want to do, but we can't even get one box to work.  The full policy is eventually going to be applied to all of our domain controllers and file servers so that it disconnects inactive / disconnected remote desktop session after 15 minutes as we keep on running out of free sessions.  Although this can easily be configured manually we went for the group policy idea as it means no servers would be missed and we THOUGHT it wouldn't take very long.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12696448

If the policy doesn't appear at all then you need to turn off the filter for fully managed policies (as described in my first post - but for reference here again).

Select and right click Administrative Templates (Machine version / Computer Configuration version), go to View, Filtering and remove the tick from:

"Only show policy settings that can be fully managed"

Fully Managed refers to the ability of Group Policy to restore an original setting or remove a policy setting from the registry when the Policy itself is set to Not Configured, or the machine (in this case) is moved to a location uneffected by the policy.

Basically, if the computer object is ever effected by this policy the settings will remain in place until the reverse of the policy is set (either disabled or, in your case, the drag down box) or the value is manually changed or removed.

Let me know if that doesn't make sense.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12696462

Incidently, there's no problem using the system key. You can alter any registry value under either the HKey_Current_User Hive or the HKey_Local_Machine Hive with ADM files.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12696484

Oh, and just to confirm.

When I say policy I mean the policy entry that appears under the categories you've defined. The categories themselves will appear regardless of whether you have the filter set or not (and it is set by default - and will set every time you load up gpedit).
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 12696491

One day I'll remember to post everything in one post rather than adding extra comments all over the place ;)
0
 

Author Comment

by:dccdesktop
ID: 12696909
Thanks that worked.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12696915

Glad it helped :)
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Often times it's very very easy to extend a volume on a Linux instance in AWS, but impossible to shrink it. I wanted to contribute to the experts-exchange community a way of providing a procedure that works on an AWS instance. It can also be used on…
Screencast - Getting to Know the Pipeline
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question