Solved

Need to deploy a registry setting via Group Policy

Posted on 2007-12-03
13
26,788 Views
Last Modified: 2011-08-18
Need to deploy the following to all of my workstations, was hoping for through Group Policy:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\]
"KeepAliveTime"=dword:00124f80

I ran it through REG to ADM, and got the following:

CLASS MACHINE
CATEGORY "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
KEYNAME "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
 POLICY "KeepAliveTime"
  PART "KeepAliveTime"
  NUMERIC
  VALUENAME "KeepAliveTime"
  END PART
 END POLICY
END CATEGORY

But when I import the ADM file to a GP object, It just shows on the left side in the tree--no values to configure on the right (I thought I'd see at the very least "Enable / Disable")

Am I missing something stupid?
0
Comment
Question by:dav-i-son
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +2
13 Comments
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 50 total points
ID: 20395379
Distribute Registry Entries via Grop policy

On an Client PC (that has the admin tools installed) set up the registry key as required (HKLM, HKU or HKCR only)
Start > Run > dsa.msc
Launch the policy editor (right click Domain/OU> Properties> Group policy)
Navigate to, Computer configuration > Windows Settings > Security Settings > Registry

Right click in the right hand pane > add Key
Navigate to the key you set up earlier.




How to add, modify, or delete registry subkeys and values by using a registration entries (.reg) file
http://support.microsoft.com/default.aspx?kbid=310516
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20395459
There used to be a nice tool dor doing this the policy maker registry extention but it is no longer available - for other options see http://www.windowsecurity.com/articles/Pushing-Out-Security-Settings-Configured-Registry.html
0
 

Author Comment

by:dav-i-son
ID: 20395650
Pete-

Doesn't that "section" of a GPO just set the security on the key... to use in a case where I want the user to be able to set the _value_  on their own?

When I ran the report on the policy in GPMC, it came up with the security descriptors I set, but didn't mention the value.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 

Author Comment

by:dav-i-son
ID: 20395722
KCTS-

PolicyMaker seems to still do the Registry settings (just installed it), but I'll have a tough time getting funding for licensing 600+ PC's just for one little registry setting.  For that, I could do the import just using a script like reg /s keepalive.reg with the contents above in it.

Any other ideas?  Thanks though--you were on a close track, I think
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20395779
The policymaker extention I was refering to used to be free - but it seems to have disappeared -!
0
 

Author Comment

by:dav-i-son
ID: 20395786
Aww, nuts!
0
 
LVL 84

Assisted Solution

by:oBdA
oBdA earned 150 total points
ID: 20396011
In the GPO editor, highlight "Administrative Templates" in the Computer Configuration tree, and choose "Filter" form the View menu. Uncheck "Show only policies that can be fully managed", and you'll find your setting.
Note that this will "brand" or "tattoo" your registry, just as if you would have imported a reg file or set the value manually; it will NOT change/reset to the former value if you delete the GPO!
0
 

Author Comment

by:dav-i-son
ID: 20396110
oBdA-

That worked (to a point)... I need to get the value "1200000" configured.  When I tried to enter that, it said the maximum was 9999, and that it would replace my entry w/ that.  Any way I can get the ADM file I created (or edit the ADM file) to support an entry of 1200000 ?

Thanks in advance!
0
 
LVL 84

Accepted Solution

by:
oBdA earned 150 total points
ID: 20396211
Try this:

CLASS MACHINE
CATEGORY "Configure TCP keep-alive transmissions"
KEYNAME "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
 POLICY "KeepAliveTime"
  PART "KeepAliveTime"
  NUMERIC
  MIN 1
  MAX 4294967295
  VALUENAME "KeepAliveTime"
  END PART
 END POLICY
END CATEGORY

Open in new window

0
 

Author Comment

by:dav-i-son
ID: 20396309
oBdA-

That did it!

I don't think I have to worry too much about tattooing--I can issue a command to remove the entry, if necessary (as it didn't exist before).

Thanks!

Ken
0
 

Expert Comment

by:youngslim
ID: 24803894
Hey - something obvious just hit me.

Why not download the two MS files - the enable and disable workaround msi's - and do a software install through the group policy? You'd have to restart your pc's, but, unlike scripts, you could see the thing running on reboot. It is another way to skin the cat . . .
0
 

Expert Comment

by:youngslim
ID: 24803902
Oh - I haven't test the above yet - but the enable and disable msi's can be downloaded at
http://support.microsoft.com/kb/972890
which is the consumer link

0
 

Expert Comment

by:youngslim
ID: 24804163
Sorry - posted to wrong open question.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question