Solved

Group Policy best practice for startup scripts

Posted on 2013-05-15
5
638 Views
Last Modified: 2013-05-22
Two questions:

1. Startup Script
In a batch (.bat) file do I need to specify the the whole path to call .reg files setting.

regedit.exe /s /f  "\\xx.domain.xx\SysVol\xx.more.xxx\Policies\{xxx-xxx-xx-xxx-xx}\Machine\Scripts\Startup\myhklm.reg"

Open in new window


or this this ok in the .bat because the file is located in working directory.

regedit.exe /s /f  myhklm.reg

Open in new window


which is the perfered best practice.
 
2. Where should HKEY_CLASSES_ROOT (HKCR) reg fixes be applied.
In the startup script I was thinking?
0
Comment
Question by:DCSIMVT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 39167952
Have you thought about doing this using group policy preferences

http://technet.microsoft.com/en-us/library/cc753092.aspx

Thanks

Mike
0
 

Author Comment

by:DCSIMVT
ID: 39167997
Yes, but I figured it would be easier to update settings on the fly by just modifing the reg file.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 39168083
I've always gone with the first method.  It would also be easy to modify the GP Preferences and then you don't' have to worry about startup scripts.

Test both out in a lab

Thanks

Mike
0
 

Author Comment

by:DCSIMVT
ID: 39169088
I found it would if I did not do the whole path it would not work.

where should HKEY_CLASSES_ROOT (HKCR) be applied startup script??
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39169618
-If I may interfere-

Yes, startup script. I wanted to comment on
>  I figured it would be easier to update settings on the fly by just modifing the reg file.
Not at all. The regfile needs a new logon or (for HKCR and HKLM) even a restart. think of users who only put their computers to sleep - it would no be at all like an on-the-fly-change. With GPPs, you could even enforce such a a change right now using tools like specops gpupdate (http://www.specopssoft.com/documentation/specops-gpupdate-documentation ). It would make on the fly possible.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question