[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

How to add registry key for windows xp machines through group policy ( windows 2003 group policy)

Posted on 2008-06-12
36
Medium Priority
?
3,095 Views
Last Modified: 2013-12-05
I am trying to deploye one additional registry key for my entire desktops through computer based group policy.

The registry key which i want to add on computer policy is follow:-
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms

Can anyboddy please advise me how do i add this registry key in GP for all my computers.

0
Comment
Question by:vedprakashchoudhary
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 10
  • 10
36 Comments
 
LVL 25

Expert Comment

by:slam69
ID: 21768089
0
 
LVL 25

Expert Comment

by:slam69
ID: 21768094
gp isnt the best way to do it on its own, personall i would have a batch file called as part of the log on script that added teh key, but this site tells you of a console plug in that lets you adminsitrate registry keys through gpo directly
0
 

Author Comment

by:vedprakashchoudhary
ID: 21768175
Link which you have given me is not ok for me as it asking for install a free toll, Trust we are not suppose to install any free toll in our orginzation.
I m looking some more helpful link from your side and apart from that how can i do that through script. Please let me know the same also with full details. This is urgent for me please help!!

Thanks in advance.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 2

Expert Comment

by:HengTime
ID: 21768182
0
 

Author Comment

by:vedprakashchoudhary
ID: 21768357
Can you please help to create ADM file for my requirement. Please find the attached screen shot for one of my client machine where these registry key already excists.

I want to add below registry key on every client machine for Adobe trust version.
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms



Adobe.JPG
0
 
LVL 25

Expert Comment

by:slam69
ID: 21768360
ok add the key manually first time and then export the key to a .reg file ( or create it manually ill show you how in a second)
Create a log on script for the users you want this applied to within gpo and add teh following line to it

regedit.exe /s path of .reg file

where the .reg file is stored on an accessible location for all users
0
 
LVL 25

Expert Comment

by:slam69
ID: 21768376
to create the .ref file manually

open notepad and copy and paste the following replacing the data typen and value variables, if unsure though just export the key direct from a regiostry you have added it to

RegistryEditorVersion
Blank line
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\]
"cDefaultLaunchURLPerms"="DataType1:DataValue1"


save this as .reg file
0
 

Author Comment

by:vedprakashchoudhary
ID: 21768585
This is ok for me that i will export the registry key for my pc where i have already these registry.

But how do i create a ADM file. Mean to say i would like to know the steps to configure ADM files.
the above step i can't able to understand.

Can you suggest what do you mean by these lines which you updated on your last update:
Create a log on script for the users you want this applied to within gpo and add teh following line to it

regedit.exe /s path of .reg file

where the .reg file is stored on an accessible location for all users.

please advise me describe step about how to create ADM file for above screen shot registry. Please help me its urgent for me. Trust i m really thankful for you guys
0
 
LVL 25

Expert Comment

by:slam69
ID: 21768666
unsure myself how to create an ADM file its not the way i would do it I would add the key via a log on script

Open notepad

copy regedit.exe /s path of .reg file

and replace path of .reg file with the path to the .reg file you have.
Save the notepad file and then right click it change the file extension from .txt to .vbs

then assign the logon script to the group or users you want to assign it to.

if you dont  know how to assign a logon script to a user let me know
0
 
LVL 2

Expert Comment

by:HengTime
ID: 21768726
I am sorry but i cant read the values on your screenshot.
I found another two links that might be helpful

MS Tech with various examples of .adm files

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx

An answered question on exaclty this topic

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22744954.html

the .adm file should look something like this... i havent tested and the you will have to set the values according to your needs (s.a)

CLASS USER
CATEGORY "Software"
POLICY "***YOUR PROCESS***"
KEYNAME "Software\Adobe\Acrobat Reader\7.0\TrustManager\"
VALUENAME "cDefaultLaunchURLPerms"
VALUEON "yes" VALUEOFF "no"
END POLICY
END CATEGORY

hope this was helpful
0
 

Author Comment

by:vedprakashchoudhary
ID: 21768764
ok i have created Vbs file by following
regedit.exe /s HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms
and save it as a VBS extation.

Howver when i m  trying to open it by double click its giving me attached screen shot error

VB-error.JPG
0
 
LVL 25

Expert Comment

by:slam69
ID: 21768810
NOOOOOOOO sorry think yuou have mis understood

when you export the key out of the reirty it will create a.reg file wherever you choose to save it. put the path to that .reg file in the VBS script

for example

regedit.exe /s c:\yourexportedfile.reg
0
 

Author Comment

by:vedprakashchoudhary
ID: 21770019
This is not working for me please and not possible for me to do this through scripts on users profile. I want to know some alternative way.

Some one guide me what exactly needs to be done for adding above registry key through group policy.
0
 
LVL 25

Expert Comment

by:slam69
ID: 21770075
why cant you do the script method it is a standard everyday process of creating a log on script performed by sys amins everyday?.

the alternative is the free plug in tool as decribed earlier or teh adm file solution. if you read all that post it tells you how to do it although im not convinced it will be successful.

log on script is the way to do it
0
 
LVL 2

Accepted Solution

by:
HengTime earned 1000 total points
ID: 21770280
since I still dont know all off your registry entry i cannot give you the .adm file

a basic template:

CLASS USER
  CATEGORY "YOUR_CATEGORY"
     POLICY "YOUR_POLICY"
     
       KEYNAME "Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms"
       EDITTEXT
       DEFAULT "YOUR_DEFAULT_VALUE"
       VALUENAME "YOUR_VALUE_NAME"
   
   END POLICY "YOUR_POLICY"
END CATEGORY  "YOUR_CATEGORY"

I recommend reading http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx

Especially the section "How to Write a Simple .Adm File for Registry-based Group Policy"

You could also download NUTS from the site below. It includes an .reg to .adm converter which you can use to  create an .adm from your existing examply registry entry.

http://yizhar.mvps.org/

the link below will guide you through applying the .adm to your GPO...

http://www.petri.co.il/adding_new_administrative_templates_to_gpo.htm


0
 

Author Comment

by:vedprakashchoudhary
ID: 21770534
Please find the attached registry key which i want to deploye through group policy.
Below is the current registry path installed on all clients.
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0
We need to deploye additional TrustManger throug GP, It should be look like
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms

I think we can achieve this through ADM file. Please request you to please let me know the described procedure for this.
0
 
LVL 2

Expert Comment

by:HengTime
ID: 21770758
I am sorry but i cant download or see  the attached registry file.

I really really recommend you to use the "regToAdm" Program included in the NUTS toolkit (download link in my last post).
Given an exported registry entry it will automatically generate an appropriate adm file

0
 
LVL 2

Expert Comment

by:HengTime
ID: 21770791
for example if given:

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\AdobeViewer]
"TrustedMode"=dword:00000000


it will generate

CLASS USER

CATEGORY "Software\Adobe\Acrobat Reader\7.0\AdobeViewer"
KEYNAME "Software\Adobe\Acrobat Reader\7.0\AdobeViewer"

 POLICY "TrustedMode"
  PART "TrustedMode"
  NUMERIC
  VALUENAME "TrustedMode"
  END PART
 END POLICY

END CATEGORY

You might have to change the policy name but thats all....
0
 

Author Comment

by:vedprakashchoudhary
ID: 21777416
HengTime:-
Thanks, now i have ADM file with me with the help of nuts. Can you please guide how do i apply this with GP.
0
 

Author Comment

by:vedprakashchoudhary
ID: 21777525
Please find attached adm file and now i want to add this ADM with GP.

these are the points which i have already followed:-
1. On domain controller.
2. Open Test GP
3. On computer configureation
4. Under computer configuration\administrative templates
5. Under Administrative templates i have add this Shostperms.adm file.
6. close the GP
7.However GP console not showing any additonal settings on Test gp.

Can you please guide is their any point which i m missing
0
 
LVL 2

Expert Comment

by:HengTime
ID: 21779463
Have you tried disabling the GPO Settings Filtering?

If not ...

1.  browse to the newly added Administrative Template section.
2.  Right-click an empty spot in the right pane and select View > Filtering.
3.  In the Filtering window click to un-mark the "Only show policy settings that can be fully managed" option. Then click Ok.
4.  Notice how the available options are now displayed in the right pane.

(Copied from the guide...)



0
 

Author Comment

by:vedprakashchoudhary
ID: 21779552
Hengtime:- Thanks for your advise, But i already did this, Unfornetely i missed out to mension this point on my last note.
0
 

Author Comment

by:vedprakashchoudhary
ID: 21779559
Any other comments on this please..
0
 
LVL 25

Expert Comment

by:slam69
ID: 21779571
Log on script.........
0
 
LVL 2

Expert Comment

by:HengTime
ID: 21779685
oh i still got an idea...
 since you wanted to add a reg key to USER the adm file probalby has CLASS USER written in it and is hence (should be) added under the "user configuration" section in GP Console. Try looking there.. if you havent already done so..
0
 

Author Comment

by:vedprakashchoudhary
ID: 21779714
Slam i only want to achieve this through ADM only.. As log on script could be possible but no match to my expection as their is lotus of difficult to apply script.
Please advise more if you could do this through ADM.

Although i have already created ADM with Nuts tool, and also tried to apply with above steps, but no luck!!
0
 
LVL 2

Expert Comment

by:HengTime
ID: 21779765
and yupp... logon script are quite useful :)
0
 
LVL 25

Assisted Solution

by:slam69
slam69 earned 1000 total points
ID: 21782632
Ok before you posted you asked how to do this and wasnt even aware of ADM before the post. as far as im aware the most consistent approach for making sure a registry key is added to users hives is via a log on script or a gp plug in editor

I have advised how to do this the method you are trying to do is not one i would employ, i dont understand why you would want to do through ADM so sincerly when as far as i can tell from the start of this post you didnt know ADM existed?
0
 
LVL 25

Expert Comment

by:slam69
ID: 21952529
I feel this question has been answered fully in a couple of diffrent ways at least a PAQ no refund the solutions offered by both myself and the other expert are completely valid for how to resolve the question as it was originally posted, in honesty a split would be the fairest option
0
 
LVL 2

Expert Comment

by:HengTime
ID: 21962709
I fully agree with slam69
0
 
LVL 2

Expert Comment

by:HengTime
ID: 21963116
i think  21770280  contains all the information/references needed.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Know what services you can and cannot, should and should not combine on your server.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question