I didn't find a forum for Group Policies for Windows 2003 so ...

Hi all,

I'm trying to create a custom adm file for managing settings under the
HKLM\SYSTEM registry. I did some tests with the help from
http://support.microsoft.com/kb/225087, specially the part "how to test"
under the section "Creating an ADM File". There Microsoft shows a small
sample for managing the spool directory. (which we actually might want to
use, ours is on the d:\spool directory on our print servers)

I've created the adm file, and added it via the "Local Computer Policy",
under "Computer Configuration", "Administrative templates", right mouse click
"add/Remove templates" and added the small template file:

CLASS MACHINE
CATEGORY "How To Test"
POLICY "Change Spool Directory"

KEYNAME "System\CurrentControlSet\Control\Print\Printers"
PART "Spool Directory"
EDITTEXT
VALUENAME "DefaultSpoolDirectory"
END PART

END POLICY
END CATEGORY

Very strange, this is added in the view, but the actual policy "Change Spool
Directory" is NOT ("there are no items to show in this view" message)!

Did some other tests, using an adm file from IBM.

CLASS MACHINE
CATEGORY !!PCOMM
CATEGORY !!Configuration
KEYNAME "Software\Policies\IBM\Personal Communications\Configuration"
POLICY !!Communication
PART !!Communication DROPDOWNLIST
VALUENAME Comm REQUIRED
ITEMLIST
NAME !!NoAccess VALUE "1"
NAME !!Write VALUE "2"
END ITEMLIST
END PART
END POLICY
END CATEGORY
END CATEGORY

[strings]
PCOMM = "IBM Personal Communications"
Configuration = "Configuration"
Communication = "Communication"
NoAccess = "No Access"
Write = "Write"

And this policy is visible. The only difference is actually the
"(HKLM\)SOFTWARE" and the "(HKLM\)SYSTEM" in the KEYNAME. If I change this in
the IBM's adm file, the policy isn't visible anymore!!!!

Did Microsoft protect the "system" key adm's for themselves??????

Thanks for the reply's.

Hello David,

Here is the NG for GPO:
microsoft.public.windows.group_policy

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I didn't find a forum for Group Policies for Windows 2003 so ...
>
> Hi all,
>
> I'm trying to create a custom adm file for managing settings under the
> HKLM\SYSTEM registry. I did some tests with the help from
> http://support.microsoft.com/kb/225087, specially the part "how to
> test" under the section "Creating an ADM File". There Microsoft shows
> a small sample for managing the spool directory. (which we actually
> might want to use, ours is on the d:\spool directory on our print
> servers)
>
> I've created the adm file, and added it via the "Local Computer
> Policy", under "Computer Configuration", "Administrative templates",
> right mouse click "add/Remove templates" and added the small template
> file:
>
> CLASS MACHINE
> CATEGORY "How To Test"
> POLICY "Change Spool Directory"
> KEYNAME "System\CurrentControlSet\Control\Print\Printers"
> PART "Spool Directory"
> EDITTEXT
> VALUENAME "DefaultSpoolDirectory"
> END PART
> END POLICY
> END CATEGORY
> Very strange, this is added in the view, but the actual policy "Change
> Spool Directory" is NOT ("there are no items to show in this view"
> message)!
>
> Did some other tests, using an adm file from IBM.
>
> CLASS MACHINE
> CATEGORY !!PCOMM
> CATEGORY !!Configuration
> KEYNAME "Software\Policies\IBM\Personal
> Communications\Configuration"
> POLICY !!Communication
> PART !!Communication DROPDOWNLIST
> VALUENAME Comm REQUIRED
> ITEMLIST
> NAME !!NoAccess VALUE "1"
> NAME !!Write VALUE "2"
> END ITEMLIST
> END PART
> END POLICY
> END CATEGORY
> END CATEGORY
> [strings]
> PCOMM = "IBM Personal Communications"
> Configuration = "Configuration"
> Communication = "Communication"
> NoAccess = "No Access"
> Write = "Write"
> And this policy is visible. The only difference is actually the
> "(HKLM\)SOFTWARE" and the "(HKLM\)SYSTEM" in the KEYNAME. If I change
> this in the IBM's adm file, the policy isn't visible anymore!!!!
>
> Did Microsoft protect the "system" key adm's for themselves??????
>
> Thanks for the reply's.
>

David,

David Burghgraeve wrote:
> I didn't find a forum for Group Policies for Windows 2003 so ...

As Meinolf stated, you need to use the .windows.group_policy - newsgroup.

> Very strange, this is added in the view, but the actual policy "Change Spool
> Directory" is NOT ("there are no items to show in this view" message)!

Right-click the category, choose "View"-> "Filtering" and clear both
checkboxes that say "Only show..."

> Did some other tests, using an adm file from IBM.
> [sample.ADM]
> And this policy is visible. The only difference is actually the
> "(HKLM\)SOFTWARE" and the "(HKLM\)SYSTEM" in the KEYNAME. If I change this in
> the IBM's adm file, the policy isn't visible anymore!!!!

This is due to the reg.key you're trying to alter. There are
"policy"-keys and "preference"-keys. The policy-keys are under
Software\Policies .. preference keys are everything outside the
"Software\Policies" keys. The Group Policy Editor only shows ADMs that
alter the true policy-keys. ADMs that change the preference-keys are not
shown by default, that's why you have to uncheck the filtering boxes.

Darren's GPOGuy site seems to be down so I add my own blog posting on this:
http://www.frickelsoft.net/blog/?p=8

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

Hi Florian,

> Right-click the category, choose "View"-> "Filtering" and clear both
> checkboxes that say "Only show..."

> Darren's GPOGuy site seems to be down so I add my own blog posting on this:
> http://www.frickelsoft.net/blog/?p=8

Thanks for the information and help.

OK