.adm Template Question

I have a created a .adm Template for a GPO Setting to put Administrative Tools Icon on the Desktop and it works great, but i would like to know how i can change the policy, so that it will delete the new KEY created in the registry.

policy is here:

POLICY !!ShowAdminTools
       #if version >= 4
       SUPPORTED !!Support
       #endif

       KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
                          \{D20EA4E1-3957-11d2-A40B-0C5020524153}"
       EXPLAIN !!Help5
       VALUENAME ""
       
END POLICY

It works by creating the KEY: {D20EA4E1-3957-11d2-A40B-0C5020524153} in the registry with NO REG_SZ or REG_DWORD 's under it.

But what I need, is that if I disable the Policy, it will DELETE the {D20EA4E1-3957-11d2-A40B-0C5020524153} KEY From Under NAMESPACE.

Can anyone edit Script to Show me how to achieve this?
LVL 2
andrewjones1987Asked:
Who is Participating?
 
McKnifeConnect With a Mentor Commented:
http://www.desktopstandard.com/PolicyMakerRegistryExtension.aspx
After installing the server portion, you will find the deployable .msi for the clints inside %programfiles%\DesktopStandard\PolicyMaker\Client on the server.
0
 
McKnifeCommented:
To "kill" a certain key, you could import a regfile that goes like
--
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524153}
@="Computer Search Results Folder"
--
(notice the minus before HKey...=
Maybe that works inside another adm, too? I have not tried that, but what would work, would be, to put the above into a regfile and import it via domain startup script to each computer. Startup scripts use system rights, so they may alter HKLM.
0
 
McKnifeCommented:
oops, please remove @="Computer Search Results Folder"
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
andrewjones1987Author Commented:
I CANNOT GET THE - (minus) TO WORK IN THE .ADM SCRIPT. IT DOES NOT DELETE THE KEY WHEN THE GPO SETTING IS ENABLED. I HAVE USED BOTH:

KEYNAME -"Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524153}"

AND

KEYNAME "-Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{D20EA4E1-3957-11d2-A40B-0C5020524153}"

AND NEITHER WILL DELETE THE KEY. ANY SUGGESTIONS?

0
 
McKnifeCommented:
No suggestions but the one already given, use a startup script to kill that key. You could also install a active directory extension to create/delete/update certain regsitry keys without the use of ADMs: desktop standard registry extension. It's freeware. You would install it on every DC and also install the registry extension client (deployable as an msi) on every client.
0
 
andrewjones1987Author Commented:
where can i have a look at the freeware registry extension that you mention?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.