Solved

registry change on all client computers using group policy

Posted on 2007-03-28
7
4,597 Views
Last Modified: 2011-08-18
Hello,

I must make a registry change on all xp computers (about 1600) in the domain. We do not have sms nor are we planning to purchase it due to budger contraints. I would like to know how i can make this registry change using a Group Policy. We have 2003 Windows servers with AD.

Thanks,
Tacobell2000
0
Comment
Question by:Tacobell2000
  • 3
  • 3
7 Comments
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 200 total points
Comment Utility
You will need to create a custom ADM template.  Instructions/tutorials for doing so can be found here:

http://thelazyadmin.com/index.php?/archives/125-Creating-Custom-ADM-Templates.html
http://support.microsoft.com/kb/225087
http://support.microsoft.com/kb/323639

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 300 total points
Comment Utility
Hey Laura!  Nice to see you here.

While a Custom ADM will work, it's generally a lot of work for something like that.

You can add it to a logon or startup script (in a GPO) using a .reg file and either regedit /s or reg /add.

Where is this key?  Under HKLM or HKCU?

0
 

Author Comment

by:Tacobell2000
Comment Utility
It is under HKLM.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 30

Expert Comment

by:LauraEHunterMVP
Comment Utility
If it is a key that the end-user has write access to, you can add it via a logon script (use the "reg add" command or vbscript, your preference.

If it is a critical key that normal users can't write to, you can deploy it as a computer startup script, since this will run under the LocalSystem account and will be able to update any key you need.
0
 

Author Comment

by:Tacobell2000
Comment Utility
Thank you. I`ll make a computer startup script.
How do i make a startup script that will tell these computers to modify the registry? Is it
REG ADD  [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Deployment\Policy]
"EnableSecureStaticVersioning"=dword:00000000 ?


Many thanks,
Tacobell2000
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
Comment Utility
Full syntax for the reg command is here, if you're using a .bat or .cmd file: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/reg.mspx?mfr=true

Examples:

reg add \hklm\software\myco /v data /t reg_binary /d fe340ead
reg add "hkcu\software\microsoft\winmine" /v Name3 /t reg_sz /d Anonymous
reg add "hkcu\software\microsoft\winmine" /v Time3 /t reg_dword /d 5

VBScript samples for modifying registry keys can be found here: http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true

Example:

Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."
 
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
 
strKeyPath = "SOFTWARE\System Admin Scripting Guide"
strValueName = "String Value Name"
strValue = "string value"
oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
 
strValueName = "DWORD Value Name"
dwValue = 82
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue

0
 

Author Comment

by:Tacobell2000
Comment Utility
Thank you!
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Synchronize a new Active Directory domain with an existing Office 365 tenant
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now