Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.
Course Of The Month
5 days, 7 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
REG or GPO - Who wins if both set
Posted on 2016-08-02
A setting that can set by either a change via regedit or set via a group policy, than which setting will take priority ?
Am I right in thinking that settings via group policy just get written in the registry in a "special" location 'policies' ...
Example - The GPO might write key/values here
HKEY_LOCAL_MACHINE\SOFTWAR
Example - The historical place to change the settings
HKEY_LOCAL_MACHINE\SOFTWAR
I've had this question in my head for over 10 years - never got around to asking!
thanks
Am I right in thinking that settings via group policy just get written in the registry in a "special" location 'policies' ...
Example - The GPO might write key/values here
HKEY_LOCAL_MACHINE\SOFTWAR
Example - The historical place to change the settings
HKEY_LOCAL_MACHINE\SOFTWAR
I've had this question in my head for over 10 years - never got around to asking!
thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
5
3
- +1
13 Comments
Active today
AFAIK either can overwrite the other, but only GPO can "back itself out" after you rescind the policy...
Active today
This article has an explanation that should answer your question. Essentially, "GP" settings trump "preference" settings when applied. "GP Preference" settings (registry changes made by GP) behave in a slightly different, hybrid way (there are some roll back and 'apply once' setting options).
Active today
Group Policies directly modify registry settings. That's all anything set by Administrative Templates in a GPO are...registry modifications. Group Policy will always over-write what you set by directly modifying the registry, so if you make a configuration change in the registry and then create a GPO that modifies the same registry key, the GPO will win.
The example you give is not how it works. Group Policy does not set things in a special section of the registry. It changes the registry to cause the OS to operate according to the description of the policy.
If you open up an ADMX file and read it, you'll see that it is literally just putting a more easily understood UI onto a boatload of registry tweaks. If you have permission to modify the registry, you can actually change the settings control by group policy by changing the registry key values, but they will revert to the group policy settings as soon as the Group Policy refreshes itself. Otherwise, group policy would be completely useless as a method of enforcing policies.
The example you give is not how it works. Group Policy does not set things in a special section of the registry. It changes the registry to cause the OS to operate according to the description of the policy.
If you open up an ADMX file and read it, you'll see that it is literally just putting a more easily understood UI onto a boatload of registry tweaks. If you have permission to modify the registry, you can actually change the settings control by group policy by changing the registry key values, but they will revert to the group policy settings as soon as the Group Policy refreshes itself. Otherwise, group policy would be completely useless as a method of enforcing policies.
Active today
I argue that my question adequately answered the question- both in writing and in the link shared for detailed information straight from Microsoft. I recommend that we split the points 250/250.
Active today
Given that the link provided explains the difference between setting a Group Policy and a Group Policy Preference, it does not sufficiently answer the question. The question is regarding whether or not modifying the registry through regedit or similar means will over-ride settings deployed by group policy. Deploying the registry modifications through preferences is not part of the equation (given the statement that the question has been in his mind for 10 years or more, while preferences did not exist before server 2008).
My response addressed the apparent misunderstanding the requester had regarding how Group Policies are applied the the Registry. Specifically that Group Policy settings were stored in a different location in the registry than would be modified to achieve the same result in Regedit. This is not the case, since Group Policy settings directly modify the settings that would be modified in Regedit manually to change the setting. Attempting to modify the registry manually with a Group Policy in effect will not change the setting for very long, since it will be immediately changed back to the Group Policy setting's value as soon as Group Policy is refreshed.
My response addressed the apparent misunderstanding the requester had regarding how Group Policies are applied the the Registry. Specifically that Group Policy settings were stored in a different location in the registry than would be modified to achieve the same result in Regedit. This is not the case, since Group Policy settings directly modify the settings that would be modified in Regedit manually to change the setting. Attempting to modify the registry manually with a Group Policy in effect will not change the setting for very long, since it will be immediately changed back to the Group Policy setting's value as soon as Group Policy is refreshed.
Active today
Again, I object and recommend the points be split. My explanation includes GPOs vs applying registry settings via Preferences- which includes how the GP can apply once, or have rollback which is how it changes or doesn't change an update in regedit. It is a sufficient explanation with a robust article to support it.
If we can't agree on that then the question will require another party to resolve.
If we can't agree on that then the question will require another party to resolve.
Active today
Dustin, The question isn't about deploying registry settings via preferences...
Group Policy settings (The Administrative Template branch, at least), at their core, are registry modifications. The question is whether setting the policy with an Administrative Template GPO will over-ride a modification through regedit. It has nothing to do with registry settings deployed by a GPO preference.
I'm trying to point out these facts so other people (and you) can learn from it. I don't care so much about the points as I care about the answer being completely accurate and useful for people in the future, when it inevitably comes up in a google search. Please, re-read the question entirely and explain how Group Policy Preferences enters into it if you still think your answer addresses the issue.
A setting that can set by either a change via regedit or set via a group policy, than which setting will take priority ?
Group Policy settings (The Administrative Template branch, at least), at their core, are registry modifications. The question is whether setting the policy with an Administrative Template GPO will over-ride a modification through regedit. It has nothing to do with registry settings deployed by a GPO preference.
I'm trying to point out these facts so other people (and you) can learn from it. I don't care so much about the points as I care about the answer being completely accurate and useful for people in the future, when it inevitably comes up in a google search. Please, re-read the question entirely and explain how Group Policy Preferences enters into it if you still think your answer addresses the issue.
Active today
I'm not going to argue this with you, we'll leave the question for a third party to close.
Active 3 days ago
Adams answer makes the most sense of my question, but i did also learn from Dustins comments, although not really part of my original question.
Featured Post
Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| Group Policy | 5 | 19 | |
| Script for automatic service restart | 6 | 43 | |
| Screen saver problem | 6 | 29 | |
| Duplicate SPN entries | 1 | 23 |
An article on effective troubleshooting
Configuring Remote Assistance for use with SCCM
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability.
This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
- Windows 10
- Windows Vista
- Windows 8
- Windows OS
- Windows 7
- *Scripts, Microsoft Legacy OS, *task scheduler, Windows XP
Suggested Courses
Course of the Month5 days, 7 hours left to enroll
734 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.