Solved

Need to deploy a registry setting via Group Policy

Posted on 2007-12-03
13
26,808 Views
Last Modified: 2011-08-18
Need to deploy the following to all of my workstations, was hoping for through Group Policy:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\]
"KeepAliveTime"=dword:00124f80

I ran it through REG to ADM, and got the following:

CLASS MACHINE
CATEGORY "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
KEYNAME "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
 POLICY "KeepAliveTime"
  PART "KeepAliveTime"
  NUMERIC
  VALUENAME "KeepAliveTime"
  END PART
 END POLICY
END CATEGORY

But when I import the ADM file to a GP object, It just shows on the left side in the tree--no values to configure on the right (I thought I'd see at the very least "Enable / Disable")

Am I missing something stupid?
0
Comment
Question by:dav-i-son
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +2
13 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 50 total points
ID: 20395379
Distribute Registry Entries via Grop policy

On an Client PC (that has the admin tools installed) set up the registry key as required (HKLM, HKU or HKCR only)
Start > Run > dsa.msc
Launch the policy editor (right click Domain/OU> Properties> Group policy)
Navigate to, Computer configuration > Windows Settings > Security Settings > Registry

Right click in the right hand pane > add Key
Navigate to the key you set up earlier.




How to add, modify, or delete registry subkeys and values by using a registration entries (.reg) file
http://support.microsoft.com/default.aspx?kbid=310516
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20395459
There used to be a nice tool dor doing this the policy maker registry extention but it is no longer available - for other options see http://www.windowsecurity.com/articles/Pushing-Out-Security-Settings-Configured-Registry.html
0
 

Author Comment

by:dav-i-son
ID: 20395650
Pete-

Doesn't that "section" of a GPO just set the security on the key... to use in a case where I want the user to be able to set the _value_  on their own?

When I ran the report on the policy in GPMC, it came up with the security descriptors I set, but didn't mention the value.
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 

Author Comment

by:dav-i-son
ID: 20395722
KCTS-

PolicyMaker seems to still do the Registry settings (just installed it), but I'll have a tough time getting funding for licensing 600+ PC's just for one little registry setting.  For that, I could do the import just using a script like reg /s keepalive.reg with the contents above in it.

Any other ideas?  Thanks though--you were on a close track, I think
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20395779
The policymaker extention I was refering to used to be free - but it seems to have disappeared -!
0
 

Author Comment

by:dav-i-son
ID: 20395786
Aww, nuts!
0
 
LVL 85

Assisted Solution

by:oBdA
oBdA earned 150 total points
ID: 20396011
In the GPO editor, highlight "Administrative Templates" in the Computer Configuration tree, and choose "Filter" form the View menu. Uncheck "Show only policies that can be fully managed", and you'll find your setting.
Note that this will "brand" or "tattoo" your registry, just as if you would have imported a reg file or set the value manually; it will NOT change/reset to the former value if you delete the GPO!
0
 

Author Comment

by:dav-i-son
ID: 20396110
oBdA-

That worked (to a point)... I need to get the value "1200000" configured.  When I tried to enter that, it said the maximum was 9999, and that it would replace my entry w/ that.  Any way I can get the ADM file I created (or edit the ADM file) to support an entry of 1200000 ?

Thanks in advance!
0
 
LVL 85

Accepted Solution

by:
oBdA earned 150 total points
ID: 20396211
Try this:

CLASS MACHINE
CATEGORY "Configure TCP keep-alive transmissions"
KEYNAME "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
 POLICY "KeepAliveTime"
  PART "KeepAliveTime"
  NUMERIC
  MIN 1
  MAX 4294967295
  VALUENAME "KeepAliveTime"
  END PART
 END POLICY
END CATEGORY

Open in new window

0
 

Author Comment

by:dav-i-son
ID: 20396309
oBdA-

That did it!

I don't think I have to worry too much about tattooing--I can issue a command to remove the entry, if necessary (as it didn't exist before).

Thanks!

Ken
0
 

Expert Comment

by:youngslim
ID: 24803894
Hey - something obvious just hit me.

Why not download the two MS files - the enable and disable workaround msi's - and do a software install through the group policy? You'd have to restart your pc's, but, unlike scripts, you could see the thing running on reboot. It is another way to skin the cat . . .
0
 

Expert Comment

by:youngslim
ID: 24803902
Oh - I haven't test the above yet - but the enable and disable msi's can be downloaded at
http://support.microsoft.com/kb/972890
which is the consumer link

0
 

Expert Comment

by:youngslim
ID: 24804163
Sorry - posted to wrong open question.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question