Currently I have a couple of registry edits which I perform to increase the security of the network. The edits are performed in the following manner:
1) Changes are exported to .reg file 2) .reg file is placed in netlogon share 3) "run command on logon" in group policy is modified to contain "regedit.exe /s file.reg" 4) group policy is applied to all authenticated users
This accomplishes the task but is sloppy in my consideration.
Does anyone know of a way to apply registry edits through GP in a more 'sanitary' manner?
This conversation is currently closed to new comments.
Have you tried creating an .msi package with the registry edits? There is a free version of Wininstall Lite on the Windows 2000 server cd. Very handy for creating quick .msi packages. You could then assign the application in group policy.
Hi there, A large part of Group Policy is registry based. The templates (Administrative Templates) that help make up GP are stored in <%systemroot%>\inf folder...they have the .ADM extension. Open one up in Notepad and take a look. It's posible to create your own templates and add them to your GPOs. Take a look at this Microsoft whitepaper for all the details (http://www.microsoft.com/Windows2000/techinfo/howitworks/management/rbppaper.asp).
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Regedit with Group Policy
1) Changes are exported to .reg file
2) .reg file is placed in netlogon share
3) "run command on logon" in group policy is modified to contain "regedit.exe /s file.reg"
4) group policy is applied to all authenticated users
This accomplishes the task but is sloppy in my consideration.
Does anyone know of a way to apply registry edits through GP in a more 'sanitary' manner?