• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7613
  • Last Modified:

How to edit registry entry using group policy

I would like to automate the process of uninstalling Symantec Antivirus Client from about 40 Windows XP clients who are part of Windows Server 2003 domain and the only thing I am stuck at is how to edit registartion entry so that the uninstall process doesn't ask for admin password.
I can MANUALLY edit the registration entry "UseVPUninstallPassword" to 0 using regedit.
However, I am trying to use REGINI.exe to accomplish this :
Both regini and rp1.ini are in C:\Windows\System32
at command prompt when I run C:\> regini.exe rp1.ini  
The "UseVPUninstallPassword"= REG_DWORD 0x00000001 remains unchanged.
Here is rp.ini
-------------------------------------------------------------------
 rp1.ini
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security "UseVPUninstallPassword"= REG_DWORD 0x00000000

I have also tried :
rp1.ini different style :
------------------------------------------------------------
\registry\machine
              SOFTWARE
                    INTEL
                       LANDesk
                           VirusProtect6
                                     CurrentVersion
                                                AdministratorOnly
                                                             Security
                                                                "UseVPUninstallPassword" = REG_DWORD 0x00000000
----------------------------------------------------
The resulting entry remains UNCHANGED and I want to automate the whole process.



 
0
mn210
Asked:
mn210
2 Solutions
 
and235100Commented:
Can you run this from a batch file - with a reg add /f entry before it - so the registry value gets changed?

@echo off
reg add HKLM\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security /v "UseVPUninstallPassword" /t reg_dword /d 0x00000000 /f


(all one line, of course)
0
 
matrixnzCommented:
Hi mn210

You can create a custom ADM file, see attached, Save the file as SAVPUR.adm (or whatever you like, that stands for Symantec AntiVirus Password Uninstall Remover)
Using Group Policy Management Tool, add the template to your particular OU GPO, once you've done that you can navigate to Computer Configuration\Administrative Tools\Symantec AntiVirus and enable Symantec AV Uninstall Password and then check the Remove Symantec AV Uninstall Password Requirement

That's it, just remember to view this Group Policy you must modify "Filtering" remove check against "Only show policy settings that can be fully managed."

Hope that helps.

Cheers
CLASS MACHINE
 
CATEGORY "Symantec Antivirus"
 
  POLICY !!PolicyNoAdmin
  EXPLAIN !!ExplainNoAdmin
  KEYNAME 
 
"Software\INTEL\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security"
    PART !!PartNoAdmin
    CHECKBOX
    VALUENAME "UseVPUninstallPassword"
    VALUEON NUMERIC 0
    VALUEOFF NUMERIC 1
    END PART
  END POLICY
 
END CATEGORY
 
[STRINGS]
PolicyNoAdmin=Symantec AV Uninstall Password
ExplainNoAdmin=Remove Symantec AV Uninstall Password Requirement
PartNoAdmin=Remove Symantec AV Uninstall Password Requirement

Open in new window

0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0
 
Ehab_NassarCommented:
I want to make it with script  like  i use add reg ... with paramter f
with adm template need some work to do admx
could anyone help me
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now