Link to home
Start Free TrialLog in
Avatar of vedprakashchoudhary
vedprakashchoudharyFlag for India

asked on

How to add registry key for windows xp machines through group policy ( windows 2003 group policy)

I am trying to deploye one additional registry key for my entire desktops through computer based group policy.

The registry key which i want to add on computer policy is follow:-
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms

Can anyboddy please advise me how do i add this registry key in GP for all my computers.

Avatar of slam69
slam69
Flag of United Kingdom of Great Britain and Northern Ireland image

gp isnt the best way to do it on its own, personall i would have a batch file called as part of the log on script that added teh key, but this site tells you of a console plug in that lets you adminsitrate registry keys through gpo directly
Avatar of vedprakashchoudhary

ASKER

Link which you have given me is not ok for me as it asking for install a free toll, Trust we are not suppose to install any free toll in our orginzation.
I m looking some more helpful link from your side and apart from that how can i do that through script. Please let me know the same also with full details. This is urgent for me please help!!

Thanks in advance.
Avatar of HengTime
HengTime

Can you please help to create ADM file for my requirement. Please find the attached screen shot for one of my client machine where these registry key already excists.

I want to add below registry key on every client machine for Adobe trust version.
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms



Adobe.JPG
ok add the key manually first time and then export the key to a .reg file ( or create it manually ill show you how in a second)
Create a log on script for the users you want this applied to within gpo and add teh following line to it

regedit.exe /s path of .reg file

where the .reg file is stored on an accessible location for all users
to create the .ref file manually

open notepad and copy and paste the following replacing the data typen and value variables, if unsure though just export the key direct from a regiostry you have added it to

RegistryEditorVersion
Blank line
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\]
"cDefaultLaunchURLPerms"="DataType1:DataValue1"


save this as .reg file
This is ok for me that i will export the registry key for my pc where i have already these registry.

But how do i create a ADM file. Mean to say i would like to know the steps to configure ADM files.
the above step i can't able to understand.

Can you suggest what do you mean by these lines which you updated on your last update:
Create a log on script for the users you want this applied to within gpo and add teh following line to it

regedit.exe /s path of .reg file

where the .reg file is stored on an accessible location for all users.

please advise me describe step about how to create ADM file for above screen shot registry. Please help me its urgent for me. Trust i m really thankful for you guys
unsure myself how to create an ADM file its not the way i would do it I would add the key via a log on script

Open notepad

copy regedit.exe /s path of .reg file

and replace path of .reg file with the path to the .reg file you have.
Save the notepad file and then right click it change the file extension from .txt to .vbs

then assign the logon script to the group or users you want to assign it to.

if you dont  know how to assign a logon script to a user let me know
I am sorry but i cant read the values on your screenshot.
I found another two links that might be helpful

MS Tech with various examples of .adm files

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx

An answered question on exaclty this topic

https://www.experts-exchange.com/questions/22744954/Deploy-registry-key-using-adm-file.html

the .adm file should look something like this... i havent tested and the you will have to set the values according to your needs (s.a)

CLASS USER
CATEGORY "Software"
POLICY "***YOUR PROCESS***"
KEYNAME "Software\Adobe\Acrobat Reader\7.0\TrustManager\"
VALUENAME "cDefaultLaunchURLPerms"
VALUEON "yes" VALUEOFF "no"
END POLICY
END CATEGORY

hope this was helpful
ok i have created Vbs file by following
regedit.exe /s HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms
and save it as a VBS extation.

Howver when i m  trying to open it by double click its giving me attached screen shot error

VB-error.JPG
NOOOOOOOO sorry think yuou have mis understood

when you export the key out of the reirty it will create a.reg file wherever you choose to save it. put the path to that .reg file in the VBS script

for example

regedit.exe /s c:\yourexportedfile.reg
This is not working for me please and not possible for me to do this through scripts on users profile. I want to know some alternative way.

Some one guide me what exactly needs to be done for adding above registry key through group policy.
why cant you do the script method it is a standard everyday process of creating a log on script performed by sys amins everyday?.

the alternative is the free plug in tool as decribed earlier or teh adm file solution. if you read all that post it tells you how to do it although im not convinced it will be successful.

log on script is the way to do it
ASKER CERTIFIED SOLUTION
Avatar of HengTime
HengTime

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Please find the attached registry key which i want to deploye through group policy.
Below is the current registry path installed on all clients.
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0
We need to deploye additional TrustManger throug GP, It should be look like
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms

I think we can achieve this through ADM file. Please request you to please let me know the described procedure for this.
I am sorry but i cant download or see  the attached registry file.

I really really recommend you to use the "regToAdm" Program included in the NUTS toolkit (download link in my last post).
Given an exported registry entry it will automatically generate an appropriate adm file

for example if given:

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\AdobeViewer]
"TrustedMode"=dword:00000000


it will generate

CLASS USER

CATEGORY "Software\Adobe\Acrobat Reader\7.0\AdobeViewer"
KEYNAME "Software\Adobe\Acrobat Reader\7.0\AdobeViewer"

 POLICY "TrustedMode"
  PART "TrustedMode"
  NUMERIC
  VALUENAME "TrustedMode"
  END PART
 END POLICY

END CATEGORY

You might have to change the policy name but thats all....
HengTime:-
Thanks, now i have ADM file with me with the help of nuts. Can you please guide how do i apply this with GP.
Please find attached adm file and now i want to add this ADM with GP.

these are the points which i have already followed:-
1. On domain controller.
2. Open Test GP
3. On computer configureation
4. Under computer configuration\administrative templates
5. Under Administrative templates i have add this Shostperms.adm file.
6. close the GP
7.However GP console not showing any additonal settings on Test gp.

Can you please guide is their any point which i m missing
Have you tried disabling the GPO Settings Filtering?

If not ...

1.  browse to the newly added Administrative Template section.
2.  Right-click an empty spot in the right pane and select View > Filtering.
3.  In the Filtering window click to un-mark the "Only show policy settings that can be fully managed" option. Then click Ok.
4.  Notice how the available options are now displayed in the right pane.

(Copied from the guide...)



Hengtime:- Thanks for your advise, But i already did this, Unfornetely i missed out to mension this point on my last note.
Any other comments on this please..
Log on script.........
oh i still got an idea...
 since you wanted to add a reg key to USER the adm file probalby has CLASS USER written in it and is hence (should be) added under the "user configuration" section in GP Console. Try looking there.. if you havent already done so..
Slam i only want to achieve this through ADM only.. As log on script could be possible but no match to my expection as their is lotus of difficult to apply script.
Please advise more if you could do this through ADM.

Although i have already created ADM with Nuts tool, and also tried to apply with above steps, but no luck!!
and yupp... logon script are quite useful :)
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I feel this question has been answered fully in a couple of diffrent ways at least a PAQ no refund the solutions offered by both myself and the other expert are completely valid for how to resolve the question as it was originally posted, in honesty a split would be the fairest option
I fully agree with slam69
i think  21770280  contains all the information/references needed.