How to add registry key for windows xp machines through group policy ( windows 2003 group policy)

I am trying to deploye one additional registry key for my entire desktops through computer based group policy.

The registry key which i want to add on computer policy is follow:-
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms

Can anyboddy please advise me how do i add this registry key in GP for all my computers.

vedprakashchoudharyAsked:
Who is Participating?
 
HengTimeConnect With a Mentor Commented:
since I still dont know all off your registry entry i cannot give you the .adm file

a basic template:

CLASS USER
  CATEGORY "YOUR_CATEGORY"
     POLICY "YOUR_POLICY"
     
       KEYNAME "Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms"
       EDITTEXT
       DEFAULT "YOUR_DEFAULT_VALUE"
       VALUENAME "YOUR_VALUE_NAME"
   
   END POLICY "YOUR_POLICY"
END CATEGORY  "YOUR_CATEGORY"

I recommend reading http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx

Especially the section "How to Write a Simple .Adm File for Registry-based Group Policy"

You could also download NUTS from the site below. It includes an .reg to .adm converter which you can use to  create an .adm from your existing examply registry entry.

http://yizhar.mvps.org/

the link below will guide you through applying the .adm to your GPO...

http://www.petri.co.il/adding_new_administrative_templates_to_gpo.htm


0
 
slam69Commented:
gp isnt the best way to do it on its own, personall i would have a batch file called as part of the log on script that added teh key, but this site tells you of a console plug in that lets you adminsitrate registry keys through gpo directly
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
vedprakashchoudharyAuthor Commented:
Link which you have given me is not ok for me as it asking for install a free toll, Trust we are not suppose to install any free toll in our orginzation.
I m looking some more helpful link from your side and apart from that how can i do that through script. Please let me know the same also with full details. This is urgent for me please help!!

Thanks in advance.
0
 
HengTimeCommented:
0
 
vedprakashchoudharyAuthor Commented:
Can you please help to create ADM file for my requirement. Please find the attached screen shot for one of my client machine where these registry key already excists.

I want to add below registry key on every client machine for Adobe trust version.
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms



Adobe.JPG
0
 
slam69Commented:
ok add the key manually first time and then export the key to a .reg file ( or create it manually ill show you how in a second)
Create a log on script for the users you want this applied to within gpo and add teh following line to it

regedit.exe /s path of .reg file

where the .reg file is stored on an accessible location for all users
0
 
slam69Commented:
to create the .ref file manually

open notepad and copy and paste the following replacing the data typen and value variables, if unsure though just export the key direct from a regiostry you have added it to

RegistryEditorVersion
Blank line
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\]
"cDefaultLaunchURLPerms"="DataType1:DataValue1"


save this as .reg file
0
 
vedprakashchoudharyAuthor Commented:
This is ok for me that i will export the registry key for my pc where i have already these registry.

But how do i create a ADM file. Mean to say i would like to know the steps to configure ADM files.
the above step i can't able to understand.

Can you suggest what do you mean by these lines which you updated on your last update:
Create a log on script for the users you want this applied to within gpo and add teh following line to it

regedit.exe /s path of .reg file

where the .reg file is stored on an accessible location for all users.

please advise me describe step about how to create ADM file for above screen shot registry. Please help me its urgent for me. Trust i m really thankful for you guys
0
 
slam69Commented:
unsure myself how to create an ADM file its not the way i would do it I would add the key via a log on script

Open notepad

copy regedit.exe /s path of .reg file

and replace path of .reg file with the path to the .reg file you have.
Save the notepad file and then right click it change the file extension from .txt to .vbs

then assign the logon script to the group or users you want to assign it to.

if you dont  know how to assign a logon script to a user let me know
0
 
HengTimeCommented:
I am sorry but i cant read the values on your screenshot.
I found another two links that might be helpful

MS Tech with various examples of .adm files

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx

An answered question on exaclty this topic

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22744954.html

the .adm file should look something like this... i havent tested and the you will have to set the values according to your needs (s.a)

CLASS USER
CATEGORY "Software"
POLICY "***YOUR PROCESS***"
KEYNAME "Software\Adobe\Acrobat Reader\7.0\TrustManager\"
VALUENAME "cDefaultLaunchURLPerms"
VALUEON "yes" VALUEOFF "no"
END POLICY
END CATEGORY

hope this was helpful
0
 
vedprakashchoudharyAuthor Commented:
ok i have created Vbs file by following
regedit.exe /s HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms
and save it as a VBS extation.

Howver when i m  trying to open it by double click its giving me attached screen shot error

VB-error.JPG
0
 
slam69Commented:
NOOOOOOOO sorry think yuou have mis understood

when you export the key out of the reirty it will create a.reg file wherever you choose to save it. put the path to that .reg file in the VBS script

for example

regedit.exe /s c:\yourexportedfile.reg
0
 
vedprakashchoudharyAuthor Commented:
This is not working for me please and not possible for me to do this through scripts on users profile. I want to know some alternative way.

Some one guide me what exactly needs to be done for adding above registry key through group policy.
0
 
slam69Commented:
why cant you do the script method it is a standard everyday process of creating a log on script performed by sys amins everyday?.

the alternative is the free plug in tool as decribed earlier or teh adm file solution. if you read all that post it tells you how to do it although im not convinced it will be successful.

log on script is the way to do it
0
 
vedprakashchoudharyAuthor Commented:
Please find the attached registry key which i want to deploye through group policy.
Below is the current registry path installed on all clients.
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0
We need to deploye additional TrustManger throug GP, It should be look like
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\TrustManager\cDefaultLaunchURLPerms

I think we can achieve this through ADM file. Please request you to please let me know the described procedure for this.
0
 
HengTimeCommented:
I am sorry but i cant download or see  the attached registry file.

I really really recommend you to use the "regToAdm" Program included in the NUTS toolkit (download link in my last post).
Given an exported registry entry it will automatically generate an appropriate adm file

0
 
HengTimeCommented:
for example if given:

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\7.0\AdobeViewer]
"TrustedMode"=dword:00000000


it will generate

CLASS USER

CATEGORY "Software\Adobe\Acrobat Reader\7.0\AdobeViewer"
KEYNAME "Software\Adobe\Acrobat Reader\7.0\AdobeViewer"

 POLICY "TrustedMode"
  PART "TrustedMode"
  NUMERIC
  VALUENAME "TrustedMode"
  END PART
 END POLICY

END CATEGORY

You might have to change the policy name but thats all....
0
 
vedprakashchoudharyAuthor Commented:
HengTime:-
Thanks, now i have ADM file with me with the help of nuts. Can you please guide how do i apply this with GP.
0
 
vedprakashchoudharyAuthor Commented:
Please find attached adm file and now i want to add this ADM with GP.

these are the points which i have already followed:-
1. On domain controller.
2. Open Test GP
3. On computer configureation
4. Under computer configuration\administrative templates
5. Under Administrative templates i have add this Shostperms.adm file.
6. close the GP
7.However GP console not showing any additonal settings on Test gp.

Can you please guide is their any point which i m missing
0
 
HengTimeCommented:
Have you tried disabling the GPO Settings Filtering?

If not ...

1.  browse to the newly added Administrative Template section.
2.  Right-click an empty spot in the right pane and select View > Filtering.
3.  In the Filtering window click to un-mark the "Only show policy settings that can be fully managed" option. Then click Ok.
4.  Notice how the available options are now displayed in the right pane.

(Copied from the guide...)



0
 
vedprakashchoudharyAuthor Commented:
Hengtime:- Thanks for your advise, But i already did this, Unfornetely i missed out to mension this point on my last note.
0
 
vedprakashchoudharyAuthor Commented:
Any other comments on this please..
0
 
slam69Commented:
Log on script.........
0
 
HengTimeCommented:
oh i still got an idea...
 since you wanted to add a reg key to USER the adm file probalby has CLASS USER written in it and is hence (should be) added under the "user configuration" section in GP Console. Try looking there.. if you havent already done so..
0
 
vedprakashchoudharyAuthor Commented:
Slam i only want to achieve this through ADM only.. As log on script could be possible but no match to my expection as their is lotus of difficult to apply script.
Please advise more if you could do this through ADM.

Although i have already created ADM with Nuts tool, and also tried to apply with above steps, but no luck!!
0
 
HengTimeCommented:
and yupp... logon script are quite useful :)
0
 
slam69Connect With a Mentor Commented:
Ok before you posted you asked how to do this and wasnt even aware of ADM before the post. as far as im aware the most consistent approach for making sure a registry key is added to users hives is via a log on script or a gp plug in editor

I have advised how to do this the method you are trying to do is not one i would employ, i dont understand why you would want to do through ADM so sincerly when as far as i can tell from the start of this post you didnt know ADM existed?
0
 
slam69Commented:
I feel this question has been answered fully in a couple of diffrent ways at least a PAQ no refund the solutions offered by both myself and the other expert are completely valid for how to resolve the question as it was originally posted, in honesty a split would be the fairest option
0
 
HengTimeCommented:
I fully agree with slam69
0
 
HengTimeCommented:
i think  21770280  contains all the information/references needed.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.