?
Solved

.adm Template Question

Posted on 2007-09-29
6
Medium Priority
?
757 Views
Last Modified: 2013-12-04
I have a created a .adm Template for a GPO Setting to put Administrative Tools Icon on the Desktop and it works great, but i would like to know how i can change the policy, so that it will delete the new KEY created in the registry.

policy is here:

POLICY !!ShowAdminTools
       #if version >= 4
       SUPPORTED !!Support
       #endif

       KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
                          \{D20EA4E1-3957-11d2-A40B-0C5020524153}"
       EXPLAIN !!Help5
       VALUENAME ""
       
END POLICY

It works by creating the KEY: {D20EA4E1-3957-11d2-A40B-0C5020524153} in the registry with NO REG_SZ or REG_DWORD 's under it.

But what I need, is that if I disable the Policy, it will DELETE the {D20EA4E1-3957-11d2-A40B-0C5020524153} KEY From Under NAMESPACE.

Can anyone edit Script to Show me how to achieve this?
0
Comment
Question by:andrewjones1987
  • 4
  • 2
6 Comments
 
LVL 57

Expert Comment

by:McKnife
ID: 19983966
To "kill" a certain key, you could import a regfile that goes like
--
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524153}
@="Computer Search Results Folder"
--
(notice the minus before HKey...=
Maybe that works inside another adm, too? I have not tried that, but what would work, would be, to put the above into a regfile and import it via domain startup script to each computer. Startup scripts use system rights, so they may alter HKLM.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 19983969
oops, please remove @="Computer Search Results Folder"
0
 
LVL 2

Author Comment

by:andrewjones1987
ID: 19984011
I CANNOT GET THE - (minus) TO WORK IN THE .ADM SCRIPT. IT DOES NOT DELETE THE KEY WHEN THE GPO SETTING IS ENABLED. I HAVE USED BOTH:

KEYNAME -"Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524153}"

AND

KEYNAME "-Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524153}"

AND NEITHER WILL DELETE THE KEY. ANY SUGGESTIONS?

0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 57

Expert Comment

by:McKnife
ID: 19984024
No suggestions but the one already given, use a startup script to kill that key. You could also install a active directory extension to create/delete/update certain regsitry keys without the use of ADMs: desktop standard registry extension. It's freeware. You would install it on every DC and also install the registry extension client (deployable as an msi) on every client.
0
 
LVL 2

Author Comment

by:andrewjones1987
ID: 19985297
where can i have a look at the freeware registry extension that you mention?
0
 
LVL 57

Accepted Solution

by:
McKnife earned 2000 total points
ID: 19992767
http://www.desktopstandard.com/PolicyMakerRegistryExtension.aspx
After installing the server portion, you will find the deployable .msi for the clints inside %programfiles%\DesktopStandard\PolicyMaker\Client on the server.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question