G
Guest
I've created a policy to add full permissions for Builtin/administrators to
XP workstations to some subkeys of
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum and no joy.
I decided that since I had to manually type the complete path past the ENUM
key for any subkeys within ENUM it appeared that possibly Group Policy editor
allows for this only at the root of ENUM and no subkeys so I redid the policy
(new object) and added HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum and
set it to replace all permissions on subkeys. Still no Joy.
The permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum are
still the default Everyone - Read, and System - Full.
I've rebooted and ran GPUPDATE /target:computer /force.
GPRESULT says it's getting the policy that includes the registry setting.
The GptTmpl.inf for that policy on sysvol has the following:
<snip>
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Registry Keys
"MACHINE\SYSTEM\CurrentControlSet\Enum",0,"D
AR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
</snip>
Winlogon.log has no errors after setting up logging.
Am I missing something or is this just a simple 'Group policy cannot add
permissions to the ENUM keys and below under CurrentControlSet (which is I
realize just a symlink to ControlSet001), ControlSet001, and ControlSet003?
I know plenty of ways to set registry permissions via other methods so no
need to supply any other ideas as far as that is concerned. I really would
like to know one way or the other is this is expected and if not, what could
I have missed?
Thanks Ahead of time and sorry for crossposting, this is also on
windows.public.group policy via google groups.
uhprentis
XP workstations to some subkeys of
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum and no joy.
I decided that since I had to manually type the complete path past the ENUM
key for any subkeys within ENUM it appeared that possibly Group Policy editor
allows for this only at the root of ENUM and no subkeys so I redid the policy
(new object) and added HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum and
set it to replace all permissions on subkeys. Still no Joy.
The permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum are
still the default Everyone - Read, and System - Full.
I've rebooted and ran GPUPDATE /target:computer /force.
GPRESULT says it's getting the policy that includes the registry setting.
The GptTmpl.inf for that policy on sysvol has the following:
<snip>
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Registry Keys
"MACHINE\SYSTEM\CurrentControlSet\Enum",0,"D
AR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"</snip>
Winlogon.log has no errors after setting up logging.
Am I missing something or is this just a simple 'Group policy cannot add
permissions to the ENUM keys and below under CurrentControlSet (which is I
realize just a symlink to ControlSet001), ControlSet001, and ControlSet003?
I know plenty of ways to set registry permissions via other methods so no
need to supply any other ideas as far as that is concerned. I really would
like to know one way or the other is this is expected and if not, what could
I have missed?
Thanks Ahead of time and sorry for crossposting, this is also on
windows.public.group policy via google groups.
uhprentis