Solved

Group Policy best practice for startup scripts

Posted on 2013-05-15
5
602 Views
Last Modified: 2013-05-22
Two questions:

1. Startup Script
In a batch (.bat) file do I need to specify the the whole path to call .reg files setting.

regedit.exe /s /f  "\\xx.domain.xx\SysVol\xx.more.xxx\Policies\{xxx-xxx-xx-xxx-xx}\Machine\Scripts\Startup\myhklm.reg"

Open in new window


or this this ok in the .bat because the file is located in working directory.

regedit.exe /s /f  myhklm.reg

Open in new window


which is the perfered best practice.
 
2. Where should HKEY_CLASSES_ROOT (HKCR) reg fixes be applied.
In the startup script I was thinking?
0
Comment
Question by:DCSIMVT
  • 2
  • 2
5 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
Comment Utility
Have you thought about doing this using group policy preferences

http://technet.microsoft.com/en-us/library/cc753092.aspx

Thanks

Mike
0
 

Author Comment

by:DCSIMVT
Comment Utility
Yes, but I figured it would be easier to update settings on the fly by just modifing the reg file.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
Comment Utility
I've always gone with the first method.  It would also be easy to modify the GP Preferences and then you don't' have to worry about startup scripts.

Test both out in a lab

Thanks

Mike
0
 

Author Comment

by:DCSIMVT
Comment Utility
I found it would if I did not do the whole path it would not work.

where should HKEY_CLASSES_ROOT (HKCR) be applied startup script??
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
-If I may interfere-

Yes, startup script. I wanted to comment on
>  I figured it would be easier to update settings on the fly by just modifing the reg file.
Not at all. The regfile needs a new logon or (for HKCR and HKLM) even a restart. think of users who only put their computers to sleep - it would no be at all like an on-the-fly-change. With GPPs, you could even enforce such a a change right now using tools like specops gpupdate (http://www.specopssoft.com/documentation/specops-gpupdate-documentation ). It would make on the fly possible.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Article by: Lee
Windows 7 Ultimate and Enterprise (and 2008 R2) introduced a new feature you may not be aware of - Boot from VHD.   Boot from VHD (or what Microsoft refers to asNative Boot allows you to install Windows to a VHD (Virtual Hard Disk) file that is t…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now