Solved

ADMs and GPOs

Posted on 2006-11-30
7
438 Views
Last Modified: 2010-04-18
Is the limit of effect of an ADM script the writing/reading of a target system's registry? Or, are there FSO (file system) or WMI elemets which can be manipulated?
Thank you!
JohnD
0
Comment
Question by:johndarby
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 54

Expert Comment

by:McKnife
ID: 18049477
You can for example set permissions on files through computer config - windows settings - security settings
0
 
LVL 1

Author Comment

by:johndarby
ID: 18049962
Thanks McKnife. I know about GPOs, but am unsure about my options in importing a Administrative rule (ADM script) into a particular GPO?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18050115
You can have an ADM that is a system policy, yes.  When you import it, you'll need to make sure your Filtering is set in Group Policy Editor - uncheck the box for "only show policy settings that can be fully managed".  This should allow you to see any custom work.

0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 1

Author Comment

by:johndarby
ID: 18050138
Does the ADM only allow for registry edits on clients?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 18050160
Not as it is, no - you need a custom ADM.  The only thing native that is included is changing permissions on keys.

If you can't figure out how to create the ADM, then use a GPO to call a script that runs REG or REGEDIT /s or pure VBScript to modify the keys.

0
 
LVL 1

Author Comment

by:johndarby
ID: 18050235
Ahh, then if I can call a VBScript from an ADM, the sky is the limit since I have access to all the methods and properties it can access through WMI, FSO and ADSI!
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18050264
You bet.

You have 4 choices.

Computer Configuration>Windows Settings>Scripts = Startup or Shutdown

User Configuration>Windows Settings>Scripts = Logon or Logoff

The computer scripts execute in the SYSTEM context - keep in mind to use UNC paths in the scripts since no mapped drives exist outside a profile.

The User scripts execute in the context of the user unless elevated using runas or impersonate.

Have fun!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Learn about cloud computing and its benefits for small business owners.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question