Deploy registry key via GPO

Experts,

I thought this was easy but somehow I am messing this up. I need to push out the following new registry key value.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Options]
"SQLSecurityCheck"=dword:00000000

I followed the steps here to do it the "easier way"

http://blogs.technet.com/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx

Am a missing something here? I wanted to try to d othis through custom ADM file but I am not sure how to modify the example to match my needs.

Thanks in advance for any help!

Raymo12Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mlongohCommented:
The easier way relies upon the .reg file being in the appropriate location.  Edit the GPO, User Configuration, Windows Settings, Scripts(Logon/Logoff) and double-click Logon to open Logon properties.

Select the existing entry that you created and click Show Files to open the GPO's logon script folder.  Copy the .reg file into that location and click OK and save changes to your GPO.

It's also necessary that the users that are logging on have rights to run regedit.exe.
0
Raymo12Author Commented:
I did place the reg file in that location. I did not think about users having rights to run regedit though..
0
mlongohCommented:
Are you also verifying that the users are processing the GPO?  The Group Policies Results Wizard in Group Policy Management Console will allow you to check if the workstation being checked is at least Windows XP.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Raymo12Author Commented:
On my test box the admin account shows it processed but the registry change did not apply. On my test account nothing processed but that me be because of that test account permissions.
0
mlongohCommented:
OK, try this.  Create a batch file (SQLREG.CMD) that looks like this:

@ECHO OFF
REGEDIT /s SQLREG.REG

And put it in the same folder as the .REG file (replace SQLREG.REG with whatever the name of your reg file is).

Then manually copy it to your test workstation, logon as test users and run SQLREG.CMD and see if the registry gets created.

If it does then you know that the problem is in your GPO, if not then you know that it's in the attempt to run regedit.

Also, I think that you have to have the parent registry keys created as well. For example, the key that's being created is in HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Options, and I think that you need to have HKEY_CURRENT_USER\Software\Microsoft\Office\12.0 and HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word and HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Options created before the "SQLSecurityCheck" can be created.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Raymo12Author Commented:
it must be my GPO because the batch file test worked with my test account.

Also those parent keys do exist already.

I wonder what is up with my GPO then?
0
mlongohCommented:
Change the GPO to run the CMD file (make sure the CMD file is in the same folder as the .REG file).
0
Raymo12Author Commented:
Would I just change that at user config > windows settings > scripts > logon > and just point it to the bat file or do I need a parameter too?
0
mlongohCommented:
Open the properties of the GPO, and open the Logon script properties, click the Show Files, copy the batch file to the folder that opens.  Then select the existing entry (Regedit) and click Remove and then click Add and add the batch file in with no parameters.  Save changes and test after about 5 minutes.
0
Raymo12Author Commented:
Looks like it worked. Thank you very much for all your help!
0
Raymo12Author Commented:
Really appreciate the help!
0
Glenn BiloccaIT AdminCommented:
Hi All,

Unfortunately i can't make this work. I am trying to do this on Office 2013 but it doesn't seems to work for me ?

Is there any other solution for this?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.