Announcement

Collapse
No announcement yet.

Registry add not working i ADM template

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Registry add not working i ADM template

    Hi-

    Created a template using a utility called RegtoADM to disable SSLv2. I found an error in the output but I still get a keyword error (unrecognized keyword)when I try to import it. This is the template:

    CLASS MACHINE

    CATEGORY "SYSTEM\CurrentControlSet\Control\SecurityProv ider s\SCHANNEL\Protocols\SSL 2.0\Server"
    KEYNAME "SYSTEM\CurrentControlSet\Control\SecurityProv ider s\SCHANNEL\Protocols\SSL 2.0\Server"

    POLICY "Enabled"
    PART "Enabled" NUMERIC
    VALUENAME "Enabled"
    VALUE NUMERIC 0
    END PART
    END POLICY

    END CATEGORY

    What am I doing wrong? It pulls the error on the 'VALUE' parameter.

  • #2
    Re: Registry add not working i ADM template

    Remove any previous added policy templates from the GPO that set a value to this 'VALUENAME' in the key 'KEYNAME'.
    Close the Add/Remove Templates box to update the policy.

    Then, try adding and test this ADM:
    Code:
    CLASS MACHINE
      CATEGORY "Secure Channel Security Support Provider Settings"
        CATEGORY "Protocols"
    
          POLICY "SSL 2.0 - Server"
          KEYNAME "SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"
            VALUENAME "Enabled"
            VALUEON NUMERIC 1
            VALUEOFF NUMERIC 0
          END POLICY
    
        END CATEGORY
      END CATEGORY
    Set this policy to Disabled to disable SSL 2.0 (VALUE=0).
    or
    Set this policy to Enabled to enable SSL 2.0 (VALUE=1).


    \Rems
    Last edited by Rems; 15th October 2009, 00:41.

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts

    Comment


    • #3
      Re: Registry add not working i ADM template

      Rems,

      Still ng. What I had done was create a new GPO, I removed all templates in that GPO (this time, did not in the other attempts - left them as is). Added your ADM and still get same error. See attached doc.

      ...Alan

      Never mind, can't upload image. But it is the same exact error - doesn't know what VALUE is, unrecognized keyword.

      Comment


      • #4
        Re: Registry add not working i ADM template

        Rems-

        It actually DOES work. I found a copy of a prevoius ADM I was trying in the same directory. But I need to know if my syntax was BASICALLY correct.

        Is there a specific order for statements? Where do I actually need to use PART? I want to learn this REAL bad so I can make my life easier. I have written scripts before so am a LITTLE familiar with flow.

        ..AR

        BTW THANK YOU!!!

        Comment


        • #5
          Re: Registry add not working i ADM template

          Originally posted by araczek View Post
          But I need to know if my syntax was BASICALLY correct.
          Basically yes, except that you can not use VALUE NUMERIC 0 within PART "text" NUMERIC, that should have been DEFAULT 0 instead.
          For a simple policy where you only need to set a registry key to either 1 or 0, you do not need to use PART. Use PART to specify various options.

          More about creating simple custom ADM files, refer these links:
          - http://msdn.microsoft.com/en-us/libr...05(VS.85).aspx
          - http://technet.microsoft.com/en-us/l...64(WS.10).aspx
          - http://support.microsoft.com/kb/225087

          For full documentation on ADM files, download this white paper:
          - Using Administrative Template Files with Registry-Based Group Policy


          \Rems


          -= btw =-
          Instead of creating customized Administrative Templates you can also use Group Policy Preferences (GPP) for this.
          GPP is essentially a set of client-side extensions and a management interface that adds to the previous Windows GP capabilities.

          The 'Registry Extension', a per-computer and per-user extension, provides the ability to easily push registry values to computers and users through a GUI interface, and because it supports all the different value types in the registry, this extension effectively eliminates the need for creating custom ADM files for pushing out registry modifications through Administrative Template policy.

          In fact, GP Preferences provides a wealth of additional policy configuration capabilities. All configurations can be processed by any systems running XP and above with the CSE package and XMLLite installed. But you do need at least Vista SP1 or Server 2008 to manage these new settings.
          [Group Policy Preferences Overview]
          _
          Last edited by Rems; 15th October 2009, 23:38.

          This posting is provided "AS IS" with no warranties, and confers no rights.

          __________________

          ** Remember to give credit where credit's due **
          and leave Reputation Points for meaningful posts

          Comment

          Working...
          X