[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Group Policy Registry Wizard

Posted on 2014-01-17
5
Medium Priority
?
317 Views
Last Modified: 2015-06-23
I have been using the GP to push registry settings to my users. I have been entering each item individually. I now have a key with many folders and items and noticed there was a Registry Wizard in GP. I ran that and pointed to the computer that had the settings and I checked all the items I wanted. I did this for HKLM

I browsed afterwards and they seem to all be there. Even when I go to settings of that GP, I see all the keys populated correctly.

However, I don't see the items in the registry of the user computer.
Also if I run the GP Policy Wizard and choose that PC and that user, it shows all the keys but it shows as HKCU even though it was set as HKLM. But when I check under HKCU of that machine it is not there either. I have not used the Registry Wizard in GP before but it seemed simple enough.

If anyone has any inside in what might have gone wrong, it would be greatly appreciated.

Thanks,
0
Comment
Question by:swenger7
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 17

Expert Comment

by:Tony Massa
ID: 39789754
I tried this on Win7 and Win8 clients (both 64-bit) from a test domain controller (2012).  After several reboots/logoff-logon attempts, the Win7 client got the registry settings for both HKCU and HKLM.

On the Win8 PC, my user settings (HKCU) did apply to my test user account, but the computer settings (HKLM) have not applied.  GroupPolicy/Operational log looks clean for both, so I'm not sure why it's being so flaky.

I also tried without using the wizard and HKLM\Software registry entries didn't apply on "update" or "create", initially, but eventually, the Win7 computer got all of them that were both set for "update" and "create".

These are the only 3 systems in my "lab", so there isn't any issue with connectivity, so I'm a little skeptical of the GPP registry pushes.  It seems odd as I've almost never had an issue with a GPO doing this sort of thing with a custom ADM in the past.  You may just have to be a little more patient with it and let the clients "naturally" get the policies through reboot(s)/background refresh.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39791216
What version of client OS you are trying to install registry ?

For windows XP, you must 1st deploy CSE on windows XP to support GP preferences
http://www.microsoft.com/en-in/download/details.aspx?id=3628

You can use GP preferences to deploy GPO to users \ computers

Let me know GPO need to be created for some users and there specific computers only or for all users in domain ?

If it is required for all users in domain, then you can use below approach.
You need to apply GPO on OU containing computers
There you need to create new GPO and in User Configuration \ GP Preference add required registry entry with update mode
Then you need enable Loopback processing mode in replace mode under Computer config\administrative templates\system in same GPO
The above setting will ensure that GPO will apply to all users who logged on those Computers in OU.

Now just run gpupdate /force on DC and client computers and once reboot client computer and check if Policy is getting applied or not as expected

Also run gpresult /h <html file path> to check if GPO is applied or not
Also run rsop.msc on client computer and check if it is showing  there

If GPO need to be applied on few users, then you can apply above GPO to OU containing users, you may use security filtering for applying GPO to specific users (by adding them in a groups and those groups need to be replaced with authenticated users on security filtering of GPO so that GPO will apply to only those users.
Also in that case GPO loop back processing enablement is not required in that case

Mahesh
0
 

Accepted Solution

by:
swenger7 earned 0 total points
ID: 39827103
In the same GPO, I have the registry wizard pushed as well as some other specific registry keys. The specific keys are pushed. Just not the wizard keys. In any case I just manually entered each key that the wizard would have pushed individually in the GPO and that worked. It was more work for me but did the job.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40845858
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question