Announcement

Collapse
No announcement yet.

Converting registry settings to true policy via ADM file

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Converting registry settings to true policy via ADM file

    Hi all,

    I'm interested in how to convert registry settings to true policy via ADM file to avoid tattooing the registry. I figured out there are some settings that you can simply "copy" to HKLM/HKCU\Software\policies key - that is, you can create ADM key by replacing the first part of the registry key path and putting the setting into \SW\Policies.

    But there are many others that don't appear to follow that logic. For example, I found out that settings which control WMI exception in Vista firewall are natively found in

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules\

    (for example: WMI-ASYNC-In-TCP setting)

    But if I want those settings to apply via true group policy, I need to put them to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\FirewallRules

    Obviously the first part of paths should be different, but you can see that even the second part of paths do not match. "Native" settings reside in

    SharedAccess\Parameters\FirewallPolicy\FirewallRul es\

    whereas Nonpersistent GP settings reside in

    Microsoft\WindowsFirewall\FirewallRules

    Also, another example would be registry setting for "Hide file extentions for known file types" which I wanted to disable via true policy but was unable to find out the correct path under \SW\Policies\ key. So I ended with tattoing the registry.

    Is there any rule how to convert "native" registry path to true policy path? Or perhaps a table or a list that shows commonly used paths.

    Thanks in advance!

  • #2
    Re: Converting registry settings to true policy via ADM file

    No idea? Anyone?

    Comment


    • #3
      Re: Converting registry settings to true policy via ADM file

      I don't think you can 'just' convert a preference to a policy - the application in question needs to be written to look under Policies for its settings. I believe.
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

      Comment


      • #4
        Re: Converting registry settings to true policy via ADM file

        Hm, makes sense. But that suggests applications or components need to have this documented - where they look for their policies? Microsoft products even more so.

        I mean, there is a lot of talk how writting custom ADM files with true policy settings is so much preferred to tattooing, but I can't find any guide how to really write true policies.

        How do you do it?

        TNX

        Comment

        Working...
        X