ADMs and GPOs

Is the limit of effect of an ADM script the writing/reading of a target system's registry? Or, are there FSO (file system) or WMI elemets which can be manipulated?
Thank you!
John DarbyPMAsked:
Who is Participating?
Netman66Connect With a Mentor Commented:
Not as it is, no - you need a custom ADM.  The only thing native that is included is changing permissions on keys.

If you can't figure out how to create the ADM, then use a GPO to call a script that runs REG or REGEDIT /s or pure VBScript to modify the keys.

You can for example set permissions on files through computer config - windows settings - security settings
John DarbyPMAuthor Commented:
Thanks McKnife. I know about GPOs, but am unsure about my options in importing a Administrative rule (ADM script) into a particular GPO?
Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

You can have an ADM that is a system policy, yes.  When you import it, you'll need to make sure your Filtering is set in Group Policy Editor - uncheck the box for "only show policy settings that can be fully managed".  This should allow you to see any custom work.

John DarbyPMAuthor Commented:
Does the ADM only allow for registry edits on clients?
John DarbyPMAuthor Commented:
Ahh, then if I can call a VBScript from an ADM, the sky is the limit since I have access to all the methods and properties it can access through WMI, FSO and ADSI!
You bet.

You have 4 choices.

Computer Configuration>Windows Settings>Scripts = Startup or Shutdown

User Configuration>Windows Settings>Scripts = Logon or Logoff

The computer scripts execute in the SYSTEM context - keep in mind to use UNC paths in the scripts since no mapped drives exist outside a profile.

The User scripts execute in the context of the user unless elevated using runas or impersonate.

Have fun!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.