Edit special GPO settings
Posted on 2007-12-03
I have a special lockdown GPO I created to control workstations in need of heavy security due to PCI requirements. I chose many of the settings in the GPO myself, but I also copied portions from a NSA/MS SSLF template and imported the settings into the GPO.
I noticed that there are some registry settings under Security Options I cannot edit. In the GPMC I can use the settings tab to look in Windows Settings/Security Settings/Local Policies/Security Options/Registry Values and see values such set as MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation or MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection
Now it is not that I do not have permission to edit these, I simply cannot find them listed in the GPO in edit mode. So I thought it might be like using the custom administrative templates setting for disabling USB drives, where you have to change the filtering so you can see the policy settings (View>filtering>uncheck Only Show Policy settings that can be fully managed), but I cannot find anything similar.
So I just do not see a way in the GPMC console to edit these portions of the GPO, but I figure if I got them from a template someone made, then there must be some way to modify them either manually of through a file import. Any ideas? Thanks.