Group Policy Extensions Processing

M

Michael Waterman

Hello,

A question about the Group Policy Client extension processing:

In Microsoft support article:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;216358

It is stated that the registry entries:

Value: NoMachinePolicy
Purpose: Determines whether or not the client extension will process a
group policy when a machine policy is being applied.

Value: NoUserPolicy
Purpose: Determines whether or not the client extension will process a
group policy when a user policy is being applied.

When I apply both these values to the keys found in the registry
location:

HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\GPExtensions\{GUID}

It works for all the other client extensions except for the Component:
Registry Settings = {35378EAC-683F-11D2-A89A-00C04FBBCFA2}

I want to use this to stop the group policy processing during an
unattended installation (Auto admin login etc etc)(See my previous
post). Is there any way of doing this?

Thanks for all that respond

Regards,
Michael Waterman
 
T

Tim Springston [MSFT]

Hi Michael-

This needs to be done on for each Client Side Extension (CSE) to prohibit
all group policy processing. As an example, Registry CSE processes registry
keys that are set via group policy. Another CSE is Folder Redirection for
folder redirection settings.

The bottom line is that you need to look at the setting you are looking at
prohibting from processing, determine the CSE that processes it, then
disable that.
 
M

Michael Waterman

Hi Tom,

Thanks for the clarification on that…. I experimented with the subject
and it worked like you told me….. Except for the registry settings….

When I at the NoMachinePolicy = 1 (DWORD) to the key with GUID:

{35378EAC-683F-11D2-A89A-00C04FBBCFA2}

(This should be the client extension that controls the registry
processing)

It still applies the settings….. But at one moment in time it didn't….
that was when I added the NoMachinePolicy reg setting to the security
key ({827D319E-6EAC-11D2-A4EA-00C04F79F83A})

That's kinda weird isn't it?? Anyway it work using this "trick"…. Do
you have any thoughts why the NoMachinePolicy setting is ignored when
it is added in the Registry processing key???

Thanks for the information and hope to hear from you.

Mike
 
T

Tim Springston [MSFT]

Hi Michael-

That's actually not surprising. Some settings are user based, some are
machine. Security CSE settings are machine-based, while Registry CSE ones
are all (if I remember correctly) user-based. Hence NoMachinePolicy will
not make a difference.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

gpotool reports version mismatch in default domain policy 2
Policy mismatch, but I don't see it 4
Group Policy Client Side Extension failures 8
Local Group Policy 1
Group Policy Processing differences ... 3
group policy "User Settings" ignored 4
User Policy doesn't apply 1
Application error with client side extension using ProcessGroupPolicyEx 0

Top