[gptalk] Re: ADM problem
- From: <jpsalemi@xxxxxxxxxxxxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Tue, 22 Aug 2006 12:16:34 -0500
Just for kicks, being as it's one word and no spaces, try removing the " 's
from WriteProtect
Ya never know..
John
"Gray Troutman"
<jgraytroutman@gm
ail.com> To
Sent by: gptalk@xxxxxxxxxxxxx
gptalk-bounce@fre cc
elists.org
Subject
[gptalk] Re: ADM problem
08/22/2006 11:09
AM
Please respond to
gptalk@freelists.
org
sorry about that, I misstyped, it's NUMERIC. I've tried running gpupdate
/force and it didn't work. I was just wondering if there was naything
obviously wrong in my ADM that would keep the value from being presented
properly. I'll just keep at it.
On 8/22/06, jpsalemi@xxxxxxxxxxxxxxxxxxx <jpsalemi@xxxxxxxxxxxxxxxxxxx >
wrote:
Gary, you're not using NUMERICAL are you? The policy says NUMERIC ?
It should be NUMERIC
It wouldn't apply during a policy refresh, but a reboot, policy change,
or
a gpupdate /force it should. You can try "always run registry policy
settings too" although that can cause some performance issues upon policy
re-application.
The idea being if someone has admin rights, and deletes the key, it won't
automagically come back.
John
"Gray Troutman"
< jgraytroutman@gm
ail.com>
To
Sent by: gptalk@xxxxxxxxxxxxx
gptalk-bounce@fre
cc
elists.org
Subject
[gptalk] Re: ADM problem
08/22/2006 10:51
AM
Please respond to
gptalk@freelists.
org
So if I have
VALUEON NUMERICAL 1
VALUEOFF NUMERICAL 0
Having it enabled should have put 1 into the value, but it didn't, and
the
key didn't exist before the GPO was created.
But, more importantly, what you're telling me is that if I switch the
policy between enabled and disabled, it's not going to update the key to
the appropriate value? If that's the case, I might as well just write a
script that imports the appropriate registry value during logon.
On 8/22/06, Delaney, Doug <doug.delaney@xxxxxxx> wrote:
If the value does not exist (previously) it should work. This is
considered a "user preference" and a GPO will only apply it once. It
will not be "managed".
Doug Delaney
GM Desktop Engineering
Global Client Engineering GM
1075 W. Entrance Dr., MS 2B, Cube 2130
Auburn Hills, MI 48326
Lab: 248-365-9187
Tel: 248-754-7917
Pg: 248-870-0306 pager
Mail: Doug.Delaney@xxxxxxx
Note: The information in this email is intended solely for the
addressee.
Access to this email by anyone else is unauthorized. If you are not the
intended recipient, any disclosure, copying, distribution or any action
taken or omitted to be taken in reliance on it is prohibited.
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:
gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Gray Troutman
Sent: Tuesday, August 22, 2006 11:18 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: ADM problem
The thing is that if I create the key/dword and put in the value 1 in
manually, it works fine, write access to USB devices is disallowed. If
I
use the ADM, though, it creates the key and dword, but doesn't put the
correct value in, it stays 0.
On 8/22/06, Tim Bolton < jsclmedave@xxxxxxxxx> wrote:
We tried this numerous times, but certain USB sticks were still able
to load and were accessible.
hopefully Darren has the magic bullet for this. I have heard of shops
actually putting epoxy in the ports...
We use a product that took care of this. If you want info on it
please email me direct.
I am very curious to see if there is a workable solution in GP...
TB
On 8/22/06, Gray Troutman < jgraytroutman@xxxxxxxxx> wrote:
> Hey folks,
> I've implemented a few custom ADMs without any difficulty. I have
one,
> however, that doesn't seem to want to work properly. It's one I
found
it
> over at thelazyadmin.com . The ADM is supposed to disable write
access to
> USB devices. When I manually create the key and dword, everything
works
> fine, but when I try to implement it through a GPO, it creates the
key
and
> dword, but doesn't place the appropriate value (1) into the
registry.
Here
> are the contents of the ADM:
>
> CLASS MACHINE
> CATEGORY "Removeable Storage Write Access"
> POLICY "USB Write Access"
> KEYNAME
> "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
> VALUENAME "WriteProtect"
> VALUEON NUMERIC 1
> VALUEOFF NUMERIC 0
> END POLICY
> END CATEGORY;
>
> As an additional note, I'll mention that this is the only machine
specific
> policy I'm trying to enforce within this GPO, everything else is on
the user
> side. I had thought that maybe I had instituted a policy that was
keeping
> the key from being generated, but everything show up except for the
> appropriate value.
>
> Thanks in advance,
> Gray
>
--
Genius may have its limitations, but stupidity is not thus
handicapped. - Elbert Hubbard
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************
- References:
- [gptalk] Re: ADM problem
- From: Gray Troutman
Other related posts:
- » [gptalk] ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- » [gptalk] Re: ADM problem
- [gptalk] Re: ADM problem
- From: Gray Troutman