
Custom .adm template in GPO is applied but not restrictive

I have an .adm file I used to restrict the showing of hidden files in XP SP2. The policy is applied to the client when I do gpupdate /force; however, the client can still make changes to this setting, and when they make the change to allow hidden folders and then log off and log in again, the setting to allow hidden is still applied. I do not want them to be able to make any changes to this. I know I can remove the entire Folder Options in the default adm, but I want the user to use the Folder Options. I included the adm file. I am using a Windows 2003 Service Pack 2 server.
CLASS USER
CATEGORY "System"
CATEGORY "Folders Files"
POLICY "Hide\Show Hidden Files"
EXPLAIN "This setting will allow for you to set the show and hide files and folders by default Keep in mind that this information will be stored in cleartext in the systems registry."
KEYNAME "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
 
PART "SetThis" NUMERIC REQUIRED TXTCONVERT
VALUENAME "Hidden"
MIN 1 MAX 2 DEFAULT "2"
END PART
 
 
END POLICY
END CATEGORY
END CATEGORY

Asked:
Greg Duffin
 
Henrik Johansson (Systems engineer) commented:
The keyname needs to refer to the Policies hierarchy to make it restrictive. Otherwise, it will be classified as a preference setting and the user will be able to change it.

A workaround is to force the registry value to be applied through a logon script:
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 2 /f

 
Greg Duffin (Author) commented:
The reg add does nothing to stop the user; once logged into the PC, they can change the option to show hidden files.
 
Henrik Johansson (Systems engineer) commented:
As I said, the users are able to change the setting as the policy is classified as a preference setting.
It's correct that the 'reg add' will not restrict the users from changing the setting, but it will, as a workaround, enforce the setting to be reset at next logon.
From what I've found about this setting, it isn't possible to prevent users from changing this.
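To illustrate the point made above about the Policies hierarchy, here is an added example (not code from the thread or its participants): a small Python linter that reads an .adm template and flags every VALUENAME whose effective KEYNAME lies outside the two registry trees Group Policy treats as managed. The function names and `SAMPLE_ADM` are constructed for this illustration; the sample is the template from the question with the EXPLAIN and MIN/MAX lines omitted.

```python
import re

# Registry trees Group Policy treats as managed policy locations. A KEYNAME
# anywhere else is a preference: it is written once and the user can change it.
POLICY_TREES = (r"software\policies",
                r"software\microsoft\windows\currentversion\policies")
SCOPES = ("CATEGORY", "POLICY", "PART")
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted strings stay one token

# The template from the question (EXPLAIN and MIN/MAX lines omitted).
SAMPLE_ADM = r'''CLASS USER
CATEGORY "System"
CATEGORY "Folders Files"
POLICY "Hide\Show Hidden Files"
KEYNAME "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
PART "SetThis" NUMERIC REQUIRED TXTCONVERT
VALUENAME "Hidden"
END PART
END POLICY
END CATEGORY
END CATEGORY'''

def is_managed(keyname):
    """True if keyname sits under one of the policy trees (case-insensitive)."""
    key = keyname.strip("\\").lower()
    return any(key == t or key.startswith(t + "\\") for t in POLICY_TREES)

def lint_adm(text):
    """Return (class, policy, keyname, valuename, managed) per VALUENAME."""
    adm_class, scopes, findings = None, [], []
    for line in text.splitlines():
        tok = [q or w for q, w in TOKEN.findall(line)]
        if len(tok) < 2 or tok[0].startswith(";"):  # blank, bare or comment line
            continue
        word, arg = tok[0].upper(), tok[1]
        if word == "CLASS":
            adm_class = arg.upper()
        elif word == "END" and arg.upper() in SCOPES and scopes:
            scopes.pop()
        elif word in SCOPES and [t.upper() for t in tok[-2:]] != ["END", "PART"]:
            scopes.append([word, arg, None])  # kind, name, own KEYNAME
        elif word == "KEYNAME" and scopes:
            scopes[-1][2] = arg
        elif word == "VALUENAME":
            # KEYNAME is inherited from the nearest enclosing scope that sets one.
            key = next((s[2] for s in reversed(scopes) if s[2]), "")
            policy = next((s[1] for s in reversed(scopes) if s[0] == "POLICY"), "")
            findings.append((adm_class, policy, key, arg, is_managed(key)))
    return findings
```

Any finding with `managed` set to `False` is a preference value: the GPO writes it, but nothing stops the user from overwriting it afterwards.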