ADMs and GPOs

Is the limit of effect of an ADM script the writing/reading of a target system's registry? Or, are there FSO (file system) or WMI elemets which can be manipulated?
Thank you!
JohnD
LVL 1
John DarbyPMAsked:
Who is Participating?
 
Netman66Connect With a Mentor Commented:
Not as it is, no - you need a custom ADM.  The only thing native that is included is changing permissions on keys.

If you can't figure out how to create the ADM, then use a GPO to call a script that runs REG or REGEDIT /s or pure VBScript to modify the keys.

0
 
McKnifeCommented:
You can for example set permissions on files through computer config - windows settings - security settings
0
 
John DarbyPMAuthor Commented:
Thanks McKnife. I know about GPOs, but am unsure about my options in importing a Administrative rule (ADM script) into a particular GPO?
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Netman66Commented:
You can have an ADM that is a system policy, yes.  When you import it, you'll need to make sure your Filtering is set in Group Policy Editor - uncheck the box for "only show policy settings that can be fully managed".  This should allow you to see any custom work.

0
 
John DarbyPMAuthor Commented:
Does the ADM only allow for registry edits on clients?
0
 
John DarbyPMAuthor Commented:
Ahh, then if I can call a VBScript from an ADM, the sky is the limit since I have access to all the methods and properties it can access through WMI, FSO and ADSI!
0
 
Netman66Commented:
You bet.

You have 4 choices.

Computer Configuration>Windows Settings>Scripts = Startup or Shutdown

User Configuration>Windows Settings>Scripts = Logon or Logoff

The computer scripts execute in the SYSTEM context - keep in mind to use UNC paths in the scripts since no mapped drives exist outside a profile.

The User scripts execute in the context of the user unless elevated using runas or impersonate.

Have fun!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.