none
GPO Registry Editor RRS feed

  • Question

  • I'm using a Windows 2003 AD domain and need to push out several registry settings for various programs.  When I Googled for a registry tool and GPO, I found this link:http://www.desktopstandard.com/PolicyMakerRegistryExtension.aspx but it directs me to the MS site.  Can someone point me to a tool that would allow me to create a group policy object and then via the computer or the user settings in that GPO, send a registry key and its settings!
    \
    Thanks
    Tuesday, July 7, 2009 8:05 PM

Answers

  • Hi JJammer,

     

    Thank you for posting here, You can use Group Policy Preference policy to deploy registry settings.

    For more information, please refer to the following TechNet articles:

     

    Registry Extension

    http://technet.microsoft.com/en-us/library/cc771589.aspx

     

    Overview of Preferences

    http://technet.microsoft.com/en-us/library/cc732027.aspx

     

    You do not need to upgrade to Windows Server 2008 to use Group Policy Preference policies. You can configure a Group Policy preference item in a Windows Server 2003 environment from either a Windows Server 2008 server or a Windows Vista with Service Pack 1 client with RSAT update installed. If you do not have Windows Server 2008 server, you can download and install Remote Server Administration Tools on Windows Vista with SP1 on a Vista client to manage and configure them.

     

    The CSEs for the new Group Policy preference functionality are required in Windows XP Service Pack 2 (SP2), Windows Server 2003 Service Pack 1 (SP1), and Windows Vista to process the new preference items. To download and install CSEs, please refer to the following link:

     

    Information about new Group Policy preferences in Windows Server 2008

    http://support.microsoft.com/kb/943729

     

    -----------------------------------------------------------

     

    Notes: If you don’t have Windows server 2008 or Windows Vista with SP1 client in your current environment, you need to write a custom ADM file according to the registry change and input this file into group policy on the DC.

     

    ·         Here is a link to KB that discusses the process of creating custom ADM files:
    225087 Writing Custom ADM Files for System Policy Editor
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;225087

    Additional resources on MSDN:

    http://msdn.microsoft.com/en-us/library/aa372405(VS.85).aspx

     

    ·         Steps to import a ADM file into group policy on a DC:

     

    1 Copy the attached "SampleADM.txt" file to %systemroot%\inf folder on a Domain Controller, and rename it to "SampleADM.adm"
    2 Create a new group policy object linked to the OU of interest or at the domain level (OU containing machines where you want to set the registry).
    3 Right click 'Administrative template' under Computer Configuration and select 'Add/Remove Templates...'
    4 Add the "SampleADM.adm" file (from %systemroot%\inf)
    5 You should now see an addition folder for the “SampleADM” setting, under Computer configuration\Administrative Templates
    6 (on Windows 2000 DC) From the View menu uncheck 'View policies only'
    7 (on Windows Server 2003 DC) From View menu, click "Filtering" and uncheck "Only show policy settings that can be fully managed".
    8 Now you will see a policy setting "Kerberos MaxTokenSize" under "Kerberos Maximum Token Size", which you can enable to apply the registry setting.

    It’s recommended that you test the .adm file in LAB environment first before you publish it to your production server.


    Wilson Jia - MSFT
    • Proposed as answer by Wilson Jia Monday, July 13, 2009 3:34 AM
    • Marked as answer by Wilson Jia Thursday, July 16, 2009 2:16 AM
    Wednesday, July 8, 2009 8:49 AM

All replies

  • You need to use the Group Policy Management Console to manage your GPO's, and you should not be doing anything with the registry settings while using GPO's, that is automatically done for you. Don't hack into the registry if it's not needed.

    Certifications: MCSA 2003 MCSE 2003
    Tuesday, July 7, 2009 11:27 PM
  • Hi JJammer,

     

    Thank you for posting here, You can use Group Policy Preference policy to deploy registry settings.

    For more information, please refer to the following TechNet articles:

     

    Registry Extension

    http://technet.microsoft.com/en-us/library/cc771589.aspx

     

    Overview of Preferences

    http://technet.microsoft.com/en-us/library/cc732027.aspx

     

    You do not need to upgrade to Windows Server 2008 to use Group Policy Preference policies. You can configure a Group Policy preference item in a Windows Server 2003 environment from either a Windows Server 2008 server or a Windows Vista with Service Pack 1 client with RSAT update installed. If you do not have Windows Server 2008 server, you can download and install Remote Server Administration Tools on Windows Vista with SP1 on a Vista client to manage and configure them.

     

    The CSEs for the new Group Policy preference functionality are required in Windows XP Service Pack 2 (SP2), Windows Server 2003 Service Pack 1 (SP1), and Windows Vista to process the new preference items. To download and install CSEs, please refer to the following link:

     

    Information about new Group Policy preferences in Windows Server 2008

    http://support.microsoft.com/kb/943729

     

    -----------------------------------------------------------

     

    Notes: If you don’t have Windows server 2008 or Windows Vista with SP1 client in your current environment, you need to write a custom ADM file according to the registry change and input this file into group policy on the DC.

     

    ·         Here is a link to KB that discusses the process of creating custom ADM files:
    225087 Writing Custom ADM Files for System Policy Editor
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;225087

    Additional resources on MSDN:

    http://msdn.microsoft.com/en-us/library/aa372405(VS.85).aspx

     

    ·         Steps to import a ADM file into group policy on a DC:

     

    1 Copy the attached "SampleADM.txt" file to %systemroot%\inf folder on a Domain Controller, and rename it to "SampleADM.adm"
    2 Create a new group policy object linked to the OU of interest or at the domain level (OU containing machines where you want to set the registry).
    3 Right click 'Administrative template' under Computer Configuration and select 'Add/Remove Templates...'
    4 Add the "SampleADM.adm" file (from %systemroot%\inf)
    5 You should now see an addition folder for the “SampleADM” setting, under Computer configuration\Administrative Templates
    6 (on Windows 2000 DC) From the View menu uncheck 'View policies only'
    7 (on Windows Server 2003 DC) From View menu, click "Filtering" and uncheck "Only show policy settings that can be fully managed".
    8 Now you will see a policy setting "Kerberos MaxTokenSize" under "Kerberos Maximum Token Size", which you can enable to apply the registry setting.

    It’s recommended that you test the .adm file in LAB environment first before you publish it to your production server.


    Wilson Jia - MSFT
    • Proposed as answer by Wilson Jia Monday, July 13, 2009 3:34 AM
    • Marked as answer by Wilson Jia Thursday, July 16, 2009 2:16 AM
    Wednesday, July 8, 2009 8:49 AM