Solved

How to add registry key for windows xp machines through group policy ( windows 2003 group policy)

Posted on 2008-06-12
36
3,080 Views
Last Modified: 2013-12-05
I am trying to deploye one additional registry key for my entire desktops through computer based group policy.

The registry key which i want to add on computer policy is follow:-
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms

Can anyboddy please advise me how do i add this registry key in GP for all my computers.

0
Comment
Question by:vedprakashchoudhary
  • 11
  • 10
  • 10
36 Comments
 
LVL 25

Expert Comment

by:slam69
Comment Utility
0
 
LVL 25

Expert Comment

by:slam69
Comment Utility
gp isnt the best way to do it on its own, personall i would have a batch file called as part of the log on script that added teh key, but this site tells you of a console plug in that lets you adminsitrate registry keys through gpo directly
0
 

Author Comment

by:vedprakashchoudhary
Comment Utility
Link which you have given me is not ok for me as it asking for install a free toll, Trust we are not suppose to install any free toll in our orginzation.
I m looking some more helpful link from your side and apart from that how can i do that through script. Please let me know the same also with full details. This is urgent for me please help!!

Thanks in advance.
0
 
LVL 2

Expert Comment

by:HengTime
Comment Utility
0
 

Author Comment

by:vedprakashchoudhary
Comment Utility
Can you please help to create ADM file for my requirement. Please find the attached screen shot for one of my client machine where these registry key already excists.

I want to add below registry key on every client machine for Adobe trust version.
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms



Adobe.JPG
0
 
LVL 25

Expert Comment

by:slam69
Comment Utility
ok add the key manually first time and then export the key to a .reg file ( or create it manually ill show you how in a second)
Create a log on script for the users you want this applied to within gpo and add teh following line to it

regedit.exe /s path of .reg file

where the .reg file is stored on an accessible location for all users
0
 
LVL 25

Expert Comment

by:slam69
Comment Utility
to create the .ref file manually

open notepad and copy and paste the following replacing the data typen and value variables, if unsure though just export the key direct from a regiostry you have added it to

RegistryEditorVersion
Blank line
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\]
"cDefaultLaunchURLPerms"="DataType1:DataValue1"


save this as .reg file
0
 

Author Comment

by:vedprakashchoudhary
Comment Utility
This is ok for me that i will export the registry key for my pc where i have already these registry.

But how do i create a ADM file. Mean to say i would like to know the steps to configure ADM files.
the above step i can't able to understand.

Can you suggest what do you mean by these lines which you updated on your last update:
Create a log on script for the users you want this applied to within gpo and add teh following line to it

regedit.exe /s path of .reg file

where the .reg file is stored on an accessible location for all users.

please advise me describe step about how to create ADM file for above screen shot registry. Please help me its urgent for me. Trust i m really thankful for you guys
0
 
LVL 25

Expert Comment

by:slam69
Comment Utility
unsure myself how to create an ADM file its not the way i would do it I would add the key via a log on script

Open notepad

copy regedit.exe /s path of .reg file

and replace path of .reg file with the path to the .reg file you have.
Save the notepad file and then right click it change the file extension from .txt to .vbs

then assign the logon script to the group or users you want to assign it to.

if you dont  know how to assign a logon script to a user let me know
0
 
LVL 2

Expert Comment

by:HengTime
Comment Utility
I am sorry but i cant read the values on your screenshot.
I found another two links that might be helpful

MS Tech with various examples of .adm files

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx

An answered question on exaclty this topic

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22744954.html

the .adm file should look something like this... i havent tested and the you will have to set the values according to your needs (s.a)

CLASS USER
CATEGORY "Software"
POLICY "***YOUR PROCESS***"
KEYNAME "Software\Adobe\Acrobat Reader\7.0\TrustManager\"
VALUENAME "cDefaultLaunchURLPerms"
VALUEON "yes" VALUEOFF "no"
END POLICY
END CATEGORY

hope this was helpful
0
 

Author Comment

by:vedprakashchoudhary
Comment Utility
ok i have created Vbs file by following
regedit.exe /s HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms
and save it as a VBS extation.

Howver when i m  trying to open it by double click its giving me attached screen shot error

VB-error.JPG
0
 
LVL 25

Expert Comment

by:slam69
Comment Utility
NOOOOOOOO sorry think yuou have mis understood

when you export the key out of the reirty it will create a.reg file wherever you choose to save it. put the path to that .reg file in the VBS script

for example

regedit.exe /s c:\yourexportedfile.reg
0
 

Author Comment

by:vedprakashchoudhary
Comment Utility
This is not working for me please and not possible for me to do this through scripts on users profile. I want to know some alternative way.

Some one guide me what exactly needs to be done for adding above registry key through group policy.
0
 
LVL 25

Expert Comment

by:slam69
Comment Utility
why cant you do the script method it is a standard everyday process of creating a log on script performed by sys amins everyday?.

the alternative is the free plug in tool as decribed earlier or teh adm file solution. if you read all that post it tells you how to do it although im not convinced it will be successful.

log on script is the way to do it
0
 
LVL 2

Accepted Solution

by:
HengTime earned 250 total points
Comment Utility
since I still dont know all off your registry entry i cannot give you the .adm file

a basic template:

CLASS USER
  CATEGORY "YOUR_CATEGORY"
     POLICY "YOUR_POLICY"
     
       KEYNAME "Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms"
       EDITTEXT
       DEFAULT "YOUR_DEFAULT_VALUE"
       VALUENAME "YOUR_VALUE_NAME"
   
   END POLICY "YOUR_POLICY"
END CATEGORY  "YOUR_CATEGORY"

I recommend reading http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx

Especially the section "How to Write a Simple .Adm File for Registry-based Group Policy"

You could also download NUTS from the site below. It includes an .reg to .adm converter which you can use to  create an .adm from your existing examply registry entry.

http://yizhar.mvps.org/

the link below will guide you through applying the .adm to your GPO...

http://www.petri.co.il/adding_new_administrative_templates_to_gpo.htm


0
Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

 

Author Comment

by:vedprakashchoudhary
Comment Utility
Please find the attached registry key which i want to deploye through group policy.
Below is the current registry path installed on all clients.
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0
We need to deploye additional TrustManger throug GP, It should be look like
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms

I think we can achieve this through ADM file. Please request you to please let me know the described procedure for this.
0
 
LVL 2

Expert Comment

by:HengTime
Comment Utility
I am sorry but i cant download or see  the attached registry file.

I really really recommend you to use the "regToAdm" Program included in the NUTS toolkit (download link in my last post).
Given an exported registry entry it will automatically generate an appropriate adm file

0
 
LVL 2

Expert Comment

by:HengTime
Comment Utility
for example if given:

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\AdobeViewer]
"TrustedMode"=dword:00000000


it will generate

CLASS USER

CATEGORY "Software\Adobe\Acrobat Reader\7.0\AdobeViewer"
KEYNAME "Software\Adobe\Acrobat Reader\7.0\AdobeViewer"

 POLICY "TrustedMode"
  PART "TrustedMode"
  NUMERIC
  VALUENAME "TrustedMode"
  END PART
 END POLICY

END CATEGORY

You might have to change the policy name but thats all....
0
 

Author Comment

by:vedprakashchoudhary
Comment Utility
HengTime:-
Thanks, now i have ADM file with me with the help of nuts. Can you please guide how do i apply this with GP.
0
 

Author Comment

by:vedprakashchoudhary
Comment Utility
Please find attached adm file and now i want to add this ADM with GP.

these are the points which i have already followed:-
1. On domain controller.
2. Open Test GP
3. On computer configureation
4. Under computer configuration\administrative templates
5. Under Administrative templates i have add this Shostperms.adm file.
6. close the GP
7.However GP console not showing any additonal settings on Test gp.

Can you please guide is their any point which i m missing
0
 
LVL 2

Expert Comment

by:HengTime
Comment Utility
Have you tried disabling the GPO Settings Filtering?

If not ...

1.  browse to the newly added Administrative Template section.
2.  Right-click an empty spot in the right pane and select View > Filtering.
3.  In the Filtering window click to un-mark the "Only show policy settings that can be fully managed" option. Then click Ok.
4.  Notice how the available options are now displayed in the right pane.

(Copied from the guide...)



0
 

Author Comment

by:vedprakashchoudhary
Comment Utility
Hengtime:- Thanks for your advise, But i already did this, Unfornetely i missed out to mension this point on my last note.
0
 

Author Comment

by:vedprakashchoudhary
Comment Utility
Any other comments on this please..
0
 
LVL 25

Expert Comment

by:slam69
Comment Utility
Log on script.........
0
 
LVL 2

Expert Comment

by:HengTime
Comment Utility
oh i still got an idea...
 since you wanted to add a reg key to USER the adm file probalby has CLASS USER written in it and is hence (should be) added under the "user configuration" section in GP Console. Try looking there.. if you havent already done so..
0
 

Author Comment

by:vedprakashchoudhary
Comment Utility
Slam i only want to achieve this through ADM only.. As log on script could be possible but no match to my expection as their is lotus of difficult to apply script.
Please advise more if you could do this through ADM.

Although i have already created ADM with Nuts tool, and also tried to apply with above steps, but no luck!!
0
 
LVL 2

Expert Comment

by:HengTime
Comment Utility
and yupp... logon script are quite useful :)
0
 
LVL 25

Assisted Solution

by:slam69
slam69 earned 250 total points
Comment Utility
Ok before you posted you asked how to do this and wasnt even aware of ADM before the post. as far as im aware the most consistent approach for making sure a registry key is added to users hives is via a log on script or a gp plug in editor

I have advised how to do this the method you are trying to do is not one i would employ, i dont understand why you would want to do through ADM so sincerly when as far as i can tell from the start of this post you didnt know ADM existed?
0
 
LVL 25

Expert Comment

by:slam69
Comment Utility
I feel this question has been answered fully in a couple of diffrent ways at least a PAQ no refund the solutions offered by both myself and the other expert are completely valid for how to resolve the question as it was originally posted, in honesty a split would be the fairest option
0
 
LVL 2

Expert Comment

by:HengTime
Comment Utility
I fully agree with slam69
0
 
LVL 2

Expert Comment

by:HengTime
Comment Utility
i think  21770280  contains all the information/references needed.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now