custom ADM not appearing

[maverick]

hi, following KB323639 and
http://www.oreilly.de/catalog/winsyspe/chapter/ch08.html, i created my
own custom ADM file (copying also from Steven Geary) to block floppy,
CD, and USB devices. i imported it into my test gpo but all i get is a
blank admin templates (class Machine). i went over the code and can't
figure out why. i checked the keynames against my registry and they
match.

here is the sample:

CLASS MACHINE

CATEGORY !!MyPolicy

POLICY !!policynameusb

KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
EXPLAIN !!explaintextusb
PART !!labeltextusb DROPDOWNLIST REQUIRED
VALUENAME "Start"
ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST
END PART

END POLICY

POLICY !!policynamecd

KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom"
EXPLAIN !!explaintextcd
PART !!labeltextcd DROPDOWNLIST REQUIRED
VALUENAME "Start"
ITEMLIST
NAME !!Disabled VALUE NUMERIC 1 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST
END PART

END POLICY

POLICY !!policynameflpy

KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"
EXPLAIN !!explaintextflpy
PART !!labeltextflpy DROPDOWNLIST REQUIRED
VALUENAME "Start"
ITEMLIST
NAME !!Disabled VALUE NUMERIC 3 DEFAULT
NAME !!Enabled VALUE NUMERIC 4
END ITEMLIST
END PART

END POLICY

END CATEGORY

[strings]
category="Custom Policy Settings"
categoryname="Restrict Drives"
policynameusb="Disable USB"
policynamecd="Disable CD-ROM"
policynameflpy="Disable Floppy"
explaintextusb="Disables the computers USB ports by disabling the
usbstor.sys driver"
explaintextcd="Disables the computers CD-ROM Drive by disabling the
cdrom.sys driver"
explaintextflpy="Disables the computers Floppy Drive by disabling the
flpydisk.sys driver"
labeltextusb="Disable USB Ports"
labeltextcd="Disable CD-ROM Drive"
labeltextflpy="Disable Floppy Drive"
Enabled="Enabled"
Disabled="Disabled"

 

[Florian Frommherz]

Howdy!

hi, following KB323639 and
http://www.oreilly.de/catalog/winsyspe/chapter/ch08.html, i created my
own custom ADM file (copying also from Steven Geary) to block floppy,
CD, and USB devices. i imported it into my test gpo but all i get is a
blank admin templates (class Machine). i went over the code and can't
figure out why. i checked the keynames against my registry and they
match.

Go and right-click your empty "folder" in the Group Policy Editor. Point
to "View" and Select "Filtering". Check both check boxes at the bottom
of the up-popping dialog that say "Only show... " and press OK. Will
your policy then show up?

cheers,

Florian

 

[maverick]

Howdy!


Go and right-click your empty "folder" in the Group Policy Editor. Point
to "View" and Select "Filtering". Check both check boxes at the bottom
of the up-popping dialog that say "Only show... " and press OK. Will
your policy then show up?

Hi, nope all (admin templates) folders disappeared if i do that. the
"default" is "Only show policy settings that can be managed" which is
checked. if i checked the other one "Only show configured policy
settings" then i get a blank admin templates.

so as long as "Only show configured policy settings" is unchecked i get
a list of subfolders inside admin templates.

 

[Norbert Fehlauer [MVP]]

Hi,

"default" is "Only show policy settings that can be managed" which is
checked.

Try unchecking it.

Bye
Norbert

 

[Florian Frommherz]

Howdy!

Hi, nope all (admin templates) folders disappeared if i do that. the
"default" is "Only show policy settings that can be managed" which is
checked. if i checked the other one "Only show configured policy
settings" then i get a blank admin templates.

so as long as "Only show configured policy settings" is unchecked i get
a list of subfolders inside admin templates.

Sorry, I mixed this a little up - like Norbert wrote, you need to
_uncheck_ both boxes, not ckeck them. Sorry for that!

cheers,

Florian

 

[maverick]

Hi, no worries I'm mixed up myself with all this plus perimeter
security.

I did as Norbert suggested and the customised entry appeared. if this
thing works i should post my work as a sticky somewhere here.

thanks guys!