Announcement

Collapse
No announcement yet.

Add new Administrative Template

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Add new Administrative Template

    Hi All !

    I'm trying something for the first time, and it doesn't work like I expect it to...

    What I'm trying is to set the Advanced Option in Internet Explorer for "Use TLS 1.0" to be "Selected". It doesn't exist as a Policy, so I created a new entry in the registry called "SecureProtocols" in the Internet Settings of HKEY_USERS and exported it as a reg file. Then I cleaned the reg file so it only contains that particular option.

    Now for the part I'm trying to understand. I found a tool called "Reg2Adm". Imported my reg file and converted it to an adm file. Then I used GPMC, created a new GPO on an OU I use for tests and added the Administrative Template.

    So... here's my ADM - my problems and questions are following...

    CLASS USER

    CATEGORY ".DEFAULT\Software\Microsoft\Windows\CurrentVersio n\Internet Settings"
    KEYNAME ".DEFAULT\Software\Microsoft\Windows\CurrentVersio n\Internet Settings"

    POLICY "SecureProtocols"
    PART "SecureProtocols"
    NUMERIC
    VALUENAME "SecureProtocols"
    END PART
    END POLICY

    END CATEGORY
    1. I'd like to have it called something like "Secure Protocols" or "Turn TLS 1.0 on or off". Where do I specify that ?
    2. I'd like to have it placed under "Internet Settings" in the Administrative Templates. Can I do that ? If yes, how does it work ?
    3. I actually applied this new policy on my test OU, and did a GPUPDATE /FORCE... TLS 1.0 checkbox is still cleared. No change after a reboot. I'm wondering if the value that I enter is wrong... I'm setting the policy to "Enabled" and the numeric value to "80". Is that correct ?
    4. How could I define the value inside the policy and then just make a choice available to Enable or Disable it ? (where Enabled would mean "Use TLS 1.0" is checked)
    5. How should I edit the ADM file to add information in the "Explain" tab of the policy ?

    Questions 3 & 4 are the important ones, if you have answers to them, or all of them, or could direct me to a useful site where it's all clearly explained... I would appreciate it

    Thanks in advance,
    Mikey

    PS : You gotta love the "Help/About" page of Reg2Adm... "For use only by System Administrator or Programers who know what this is all about." Well I'd like to learn what it's all about, how about referring me to a helpful page or documentation ?

  • #2
    Re: Add new Administrative Template

    Have you checked this out yet?

    http://www.virtualizationadmin.com/a...vironment.html

    Comment


    • #3
      Re: Add new Administrative Template

      No I haven't... seems to explain things I am wondering about... I'll check this as soon as I'm at the office !

      Thanks !

      Comment


      • #4
        Re: Add new Administrative Template

        Alright, so I understand some things now... but the setting I'm trying to enable in the advanced Internet Settings just won't turn itself ON.

        Here's my ADM now :
        CLASS USER

        CATEGORY "Secure Protocols"
        KEYNAME "Software\Microsoft\Windows\CurrentVersion\Interne t Settings"

        POLICY "SecureProtocols"

        EXPLAIN !!expl_SecureProtocols

        PART "SecureProtocols"
        CHECKBOX
        VALUENAME "SecureProtocols"
        VALUEON NUMERIC 128
        VALUEOFF NUMERIC 0
        END PART
        END POLICY

        END CATEGORY

        [strings]

        expl_SecureProtocols="This Policy sets the Internet Advanced Setting -Use TLS 1.0- to ENABLED."
        As you can see, I started from scratch again and exported the key from "HKEY_CURRENT_USER/...". The entry in the registry key "Internet Settings" should be called "SecureProtocols", should be a "dword" and its value should be 0x000080 (128 ) for the option to be enabled. I tried using "80" (Hex) as value, then I tried using "128" (Dec)... it just won't work.

        Gpupdate /force or even rebooting the server still doesn't change a thing...

        I'm missing something, I hope you guys can tell me what it is...

        Thanks in advance,
        Mikey

        Comment


        • #5
          Re: Add new Administrative Template

          Well... nevermind !

          I just tried the ADM on my local policies - and it works just fine !

          Apparently I have a problem with applying GPO's on that test OU I was talking about.

          So thanks for the link to that help page akitafan posted.

          Ch33rz,
          Mikey

          Comment

          Working...
          X