Solved

Deploying reg file through group policy

Posted on 2011-02-14
7
5,622 Views
Last Modified: 2012-06-27
Hi,

I've been trying to deploy a reg file through group policy over the past few days but without any joy.  I've never had to do this before so any help would be much appreciated!  

I've followed the instructions on the below link.  However, I applied this under the Computer Configuration Node (rather than users), Policies, Windows Settings, Scripts (Startup/Shutdown).

http://blogs.technet.com/b/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx

In the Startup, I have put in the following:

EE1

The registry key is below.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"=dword:00000001
"iexplore.exe"=dword:00000001
"*"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1]
"mhtml"="mhtml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\2]
"mhtml"="mhtml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\3]
"mhtml"="mhtml"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\4]
"mhtml"="mhtml"


I have also dropped the file into the Show Files location.

In the group policy I have Security Filtering enabled.  We have created computer security groups which have been assigned to the policy.  Authenticated users are also in the Security Filtering.

When I run the Group Policy Modeling Wizard this shows that the GPO is being applied.

Also, when we start up the clients PCs, Resultant Set of Policy is showing the policy as being applied.  However, when I got to regedit, it has not made the changes.

We are running Windows 7 PCs and Server 2008 domain controllers.

Am I missing something really simple?





0
Comment
Question by:asasupport
7 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 34887234
I would suggest using Group Policy Preferences for that.

 GPP
If you wish to deploy GPP to XP/2003 you need to first install Client Side Extension (CSE)
XP -> http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e60b5c8f-d7dc-4b27-a261-247ce3f6c4f8&displaylang=en
2003 -> http://www.microsoft.com/downloads/en/details.aspx?FamilyID=bfe775f9-5c34-44d0-8a94-44e47db35add&displaylang=en

Regards,
Krzysztof
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 34887285
If you are going to do it the way you are going it, I usually create a .cmd file and put the full command in that. I think that you would otherwise need to put regedit into the directory with the script.  I think that it's better to go with Krzysztof's suggestion, but it is more work to implement.

regedit /s \\domain.local\sysvol\.....\machine\startup\file.reg

Open in new window

0
 
LVL 11

Expert Comment

by:Tasmant
ID: 34887286
I think you're blocked by UAC on Windows7 and 2008.
When you run regedit /s on Windows7 computer, without command prompt with elevated privilege, UAC ask you if you want to bring modifications to registry.
I think you have two choices:
- use a batch file to launch regedit /s \\server\share\file.reg
- use commands REG to modify registry (like this: reg add HKCU\software /v test /t REG_DWORD /d 00000002), either directly or in a batch file.
Using Regedit i have the UAC prompt, with Reg commands i haven't it.
You could too disable UAC for all users, but is it really secure?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 13

Expert Comment

by:upalakshitha
ID: 34893394
Do you prefer to do this with custom ADM template
http://www.frickelsoft.net/blog/?p=62
0
 

Author Comment

by:asasupport
ID: 34895320
Thanks Krzysztof!!  I've managed to crack it!!

I did use the Group Policy Preferences.  Went into Computer Configuration>Preferences>Windows Settings>Registry>Right click>New>Registry Wizard

I saved the reg file I needed to deploy to a 32-bit client PC and then drilled down to the file location.

The key then appears in the group policy.

 EE2
Drill down to the key location.  Right click on each entry, Properties, and Replace.

 EE3
Once again excellent advice from Experts Exchange!

Regards,

Y
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34895335
I'm glad I could help :) You're welcome :)

Krzysztof
0
 

Author Closing Comment

by:asasupport
ID: 34895346
Many thanks Krzysztof!!  Using the Group Policy Preferences did the trick.  Being a numpty, I used the Registry Wizard.

Many thanks!!

Y
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now