[gptalk] Custom ADM Issues

Hey All,

I thought I sent this on Monday, but apparently with this "email" thing
you have to hit a send button to get it to work.

 

I was looking for a little feedback on a custom ADM template I've been
working on. I am sure the problem is staring me right in the face but I
am completely missing it.

 

I want to generate and manage 3 keys on all computers across the domain.
The three keys are the following:

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global]
"AuthMode"=dword:00000002
"SupplicantMode"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GpNetworkStartTimeoutPolicyValue"=dword:0000003c (This should be a decimal value)

 

I've created ADM templates before, but it has been a while and so far
all I can do is get the event log to spit angry messages at me. Here is
a sample of the code I am using (I've left off the strings comments to
keep this as brief as possible):

 

CLASS MACHINE
CATEGORY "System"
      CATEGORY "NAC Options"
            POLICY !!AMode
                  EXPLAIN !!AMode_Exp
                  KEYNAME "SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
                  PART "Authentication Mode" NUMERIC
                        VALUENAME "AuthMode"
                        MIN   0
                        MAX   2
                        TXTCONVERT
                        DEFAULT 2
                        SPIN 1
                  END PART
            END POLICY
      END CATEGORY

      CATEGORY "NAC Options"
            POLICY !!SMode
                  EXPLAIN !!SMode_Exp
                  KEYNAME "SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
                  PART "Supplicant Mode" NUMERIC
                        VALUENAME "SupplicantMode"
                        MIN   1
                        MAX   3
                        TXTCONVERT
                        DEFAULT 3
                        SPIN 1
                  END PART
            END POLICY
      END CATEGORY

      CATEGORY "NAC Options"
            POLICY !!Timeout
                  EXPLAIN !!Timeout_Exp
                  KEYNAME "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
                  PART "Timeout for NAC Negotiation"
                        EDITTEXT REQUIRED
                        VALUENAME "GpNetworkStartTimeoutPolicyValue"
                        DEFAULT "0000003c"
                  END PART
            END POLICY
      END CATEGORY
END CATEGORY

 

There are 2 seemingly nonspecific errors that I am getting that may
help. These are both from the event log:

 

"Windows cannot create registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. (The parameter is incorrect. )."

"Windows cannot access the registry policy file, \\domain.com\SysVol\domain.com\Policies\{BA8CA221-6DC1-4631-B838-4135A66DE872}\Machine\registry.pol. (The parameter is incorrect. )."

 

As always, thanks in advance.

 

 

Jonathan Finkbiner <mailto:jfinkbiner@xxxxxxx> 

Information Services

Support Analyst

Lifestyle Family Fitness <http://www.lff.com/> 
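
An added example, not part of the original post: a small Python check for three constructs in the template above that conflict with the DWORD values listed in the post, namely a hive name inside KEYNAME (the CLASS statement selects the hive), NUMERIC combined with TXTCONVERT, and an EDITTEXT part, the last two of which store strings. The names `lint_adm` and `SAMPLE_ADM` are made up for this sketch, and the sample is constructed from two of the post's policies.

```python
import re

HIVES = {"HKEY_LOCAL_MACHINE", "HKLM", "HKEY_CURRENT_USER", "HKCU"}
# Constructed sample: two of the post's policies, wrapped lines rejoined.
SAMPLE_ADM = r'''CLASS MACHINE
CATEGORY "NAC Options"
  POLICY !!AMode
    KEYNAME "SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
    PART "Authentication Mode" NUMERIC
      VALUENAME "AuthMode"
      TXTCONVERT
    END PART
  END POLICY
  POLICY !!Timeout
    KEYNAME "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    PART "Timeout for NAC Negotiation"
      EDITTEXT REQUIRED
      VALUENAME "GpNetworkStartTimeoutPolicyValue"
    END PART
  END POLICY
END CATEGORY
'''

def lint_adm(text):
    """Return (line_no, message) findings for values meant to be REG_DWORD."""
    findings, part_line, seen, value = [], None, set(), None
    for no, raw in enumerate(text.splitlines(), 1):
        # Separate quoted strings from the ADM keywords on the line.
        quoted = re.findall(r'"([^"]*)"', raw)
        words = [w.upper() for w in re.sub(r'"[^"]*"', " ", raw).split()]
        if not words or words[0].startswith(";"):
            continue
        if words[0] == "KEYNAME" and quoted:
            if quoted[0].split("\\")[0].upper() in HIVES:
                findings.append((no, "KEYNAME is hive-relative; CLASS selects the hive"))
        elif words[:2] == ["END", "PART"] and part_line:
            # Judge the PART once all of its keywords have been collected.
            if "EDITTEXT" in seen:
                findings.append((part_line, f"{value}: EDITTEXT writes REG_SZ"))
            elif {"NUMERIC", "TXTCONVERT"} <= seen:
                findings.append((part_line, f"{value}: NUMERIC with TXTCONVERT writes REG_SZ"))
            part_line, seen, value = None, set(), None
        elif words[0] == "PART":
            part_line, seen = no, set(words[1:])
        elif part_line:
            seen.update(words)
            if words[0] == "VALUENAME" and quoted:
                value = quoted[0]
    return findings
```

Calling `lint_adm(SAMPLE_ADM)` returns one finding per construct, each with the line number of the KEYNAME or PART statement it refers to.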

 

 
