Need to deploy a registry setting via Group Policy

Need to deploy the following to all of my workstations, was hoping for through Group Policy:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\]
"KeepAliveTime"=dword:00124f80

I ran it through REG to ADM, and got the following:

CLASS MACHINE
CATEGORY "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
KEYNAME "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
 POLICY "KeepAliveTime"
  PART "KeepAliveTime"
  NUMERIC
  VALUENAME "KeepAliveTime"
  END PART
 END POLICY
END CATEGORY

But when I import the ADM file to a GP object, It just shows on the left side in the tree--no values to configure on the right (I thought I'd see at the very least "Enable / Disable")

Am I missing something stupid?
dav-i-sonAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
oBdAConnect With a Mentor Commented:
Try this:

CLASS MACHINE
CATEGORY "Configure TCP keep-alive transmissions"
KEYNAME "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
 POLICY "KeepAliveTime"
  PART "KeepAliveTime"
  NUMERIC
  MIN 1
  MAX 4294967295
  VALUENAME "KeepAliveTime"
  END PART
 END POLICY
END CATEGORY

Open in new window

0
 
Pete LongConnect With a Mentor Technical ConsultantCommented:
Distribute Registry Entries via Grop policy

On an Client PC (that has the admin tools installed) set up the registry key as required (HKLM, HKU or HKCR only)
Start > Run > dsa.msc
Launch the policy editor (right click Domain/OU> Properties> Group policy)
Navigate to, Computer configuration > Windows Settings > Security Settings > Registry

Right click in the right hand pane > add Key
Navigate to the key you set up earlier.




How to add, modify, or delete registry subkeys and values by using a registration entries (.reg) file
http://support.microsoft.com/default.aspx?kbid=310516
0
 
KCTSCommented:
There used to be a nice tool dor doing this the policy maker registry extention but it is no longer available - for other options see http://www.windowsecurity.com/articles/Pushing-Out-Security-Settings-Configured-Registry.html
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
dav-i-sonAuthor Commented:
Pete-

Doesn't that "section" of a GPO just set the security on the key... to use in a case where I want the user to be able to set the _value_  on their own?

When I ran the report on the policy in GPMC, it came up with the security descriptors I set, but didn't mention the value.
0
 
dav-i-sonAuthor Commented:
KCTS-

PolicyMaker seems to still do the Registry settings (just installed it), but I'll have a tough time getting funding for licensing 600+ PC's just for one little registry setting.  For that, I could do the import just using a script like reg /s keepalive.reg with the contents above in it.

Any other ideas?  Thanks though--you were on a close track, I think
0
 
KCTSCommented:
The policymaker extention I was refering to used to be free - but it seems to have disappeared -!
0
 
dav-i-sonAuthor Commented:
Aww, nuts!
0
 
oBdAConnect With a Mentor Commented:
In the GPO editor, highlight "Administrative Templates" in the Computer Configuration tree, and choose "Filter" form the View menu. Uncheck "Show only policies that can be fully managed", and you'll find your setting.
Note that this will "brand" or "tattoo" your registry, just as if you would have imported a reg file or set the value manually; it will NOT change/reset to the former value if you delete the GPO!
0
 
dav-i-sonAuthor Commented:
oBdA-

That worked (to a point)... I need to get the value "1200000" configured.  When I tried to enter that, it said the maximum was 9999, and that it would replace my entry w/ that.  Any way I can get the ADM file I created (or edit the ADM file) to support an entry of 1200000 ?

Thanks in advance!
0
 
dav-i-sonAuthor Commented:
oBdA-

That did it!

I don't think I have to worry too much about tattooing--I can issue a command to remove the entry, if necessary (as it didn't exist before).

Thanks!

Ken
0
 
youngslimCommented:
Hey - something obvious just hit me.

Why not download the two MS files - the enable and disable workaround msi's - and do a software install through the group policy? You'd have to restart your pc's, but, unlike scripts, you could see the thing running on reboot. It is another way to skin the cat . . .
0
 
youngslimCommented:
Oh - I haven't test the above yet - but the enable and disable msi's can be downloaded at
http://support.microsoft.com/kb/972890
which is the consumer link

0
 
youngslimCommented:
Sorry - posted to wrong open question.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.