[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Need to deploy a registry setting via Group Policy

Posted on 2007-12-03
13
Medium Priority
?
26,849 Views
Last Modified: 2011-08-18
Need to deploy the following to all of my workstations, was hoping for through Group Policy:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\]
"KeepAliveTime"=dword:00124f80

I ran it through REG to ADM, and got the following:

CLASS MACHINE
CATEGORY "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
KEYNAME "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
 POLICY "KeepAliveTime"
  PART "KeepAliveTime"
  NUMERIC
  VALUENAME "KeepAliveTime"
  END PART
 END POLICY
END CATEGORY

But when I import the ADM file to a GP object, It just shows on the left side in the tree--no values to configure on the right (I thought I'd see at the very least "Enable / Disable")

Am I missing something stupid?
0
Comment
Question by:dav-i-son
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +2
13 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 200 total points
ID: 20395379
Distribute Registry Entries via Grop policy

On an Client PC (that has the admin tools installed) set up the registry key as required (HKLM, HKU or HKCR only)
Start > Run > dsa.msc
Launch the policy editor (right click Domain/OU> Properties> Group policy)
Navigate to, Computer configuration > Windows Settings > Security Settings > Registry

Right click in the right hand pane > add Key
Navigate to the key you set up earlier.




How to add, modify, or delete registry subkeys and values by using a registration entries (.reg) file
http://support.microsoft.com/default.aspx?kbid=310516
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20395459
There used to be a nice tool dor doing this the policy maker registry extention but it is no longer available - for other options see http://www.windowsecurity.com/articles/Pushing-Out-Security-Settings-Configured-Registry.html
0
 

Author Comment

by:dav-i-son
ID: 20395650
Pete-

Doesn't that "section" of a GPO just set the security on the key... to use in a case where I want the user to be able to set the _value_  on their own?

When I ran the report on the policy in GPMC, it came up with the security descriptors I set, but didn't mention the value.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:dav-i-son
ID: 20395722
KCTS-

PolicyMaker seems to still do the Registry settings (just installed it), but I'll have a tough time getting funding for licensing 600+ PC's just for one little registry setting.  For that, I could do the import just using a script like reg /s keepalive.reg with the contents above in it.

Any other ideas?  Thanks though--you were on a close track, I think
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20395779
The policymaker extention I was refering to used to be free - but it seems to have disappeared -!
0
 

Author Comment

by:dav-i-son
ID: 20395786
Aww, nuts!
0
 
LVL 85

Assisted Solution

by:oBdA
oBdA earned 600 total points
ID: 20396011
In the GPO editor, highlight "Administrative Templates" in the Computer Configuration tree, and choose "Filter" form the View menu. Uncheck "Show only policies that can be fully managed", and you'll find your setting.
Note that this will "brand" or "tattoo" your registry, just as if you would have imported a reg file or set the value manually; it will NOT change/reset to the former value if you delete the GPO!
0
 

Author Comment

by:dav-i-son
ID: 20396110
oBdA-

That worked (to a point)... I need to get the value "1200000" configured.  When I tried to enter that, it said the maximum was 9999, and that it would replace my entry w/ that.  Any way I can get the ADM file I created (or edit the ADM file) to support an entry of 1200000 ?

Thanks in advance!
0
 
LVL 85

Accepted Solution

by:
oBdA earned 600 total points
ID: 20396211
Try this:

CLASS MACHINE
CATEGORY "Configure TCP keep-alive transmissions"
KEYNAME "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
 POLICY "KeepAliveTime"
  PART "KeepAliveTime"
  NUMERIC
  MIN 1
  MAX 4294967295
  VALUENAME "KeepAliveTime"
  END PART
 END POLICY
END CATEGORY

Open in new window

0
 

Author Comment

by:dav-i-son
ID: 20396309
oBdA-

That did it!

I don't think I have to worry too much about tattooing--I can issue a command to remove the entry, if necessary (as it didn't exist before).

Thanks!

Ken
0
 

Expert Comment

by:youngslim
ID: 24803894
Hey - something obvious just hit me.

Why not download the two MS files - the enable and disable workaround msi's - and do a software install through the group policy? You'd have to restart your pc's, but, unlike scripts, you could see the thing running on reboot. It is another way to skin the cat . . .
0
 

Expert Comment

by:youngslim
ID: 24803902
Oh - I haven't test the above yet - but the enable and disable msi's can be downloaded at
http://support.microsoft.com/kb/972890
which is the consumer link

0
 

Expert Comment

by:youngslim
ID: 24804163
Sorry - posted to wrong open question.
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question