[gptalk] Re: Custom ADM Issues

  • From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 6 Feb 2008 14:03:00 -0600

You don't need the HKEY_LOCAL_MACHINE in the KEYNAME.

 

Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Jonathan Finkbiner
Sent: Wednesday, February 06, 2008 1:55 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Custom ADM Issues

 

Hey All,

I thought I sent this on Monday, but apparently with this "email" thing
you have to hit a send button to get it to work.

 

I was looking for a little feedback on a custom adm template I've been
working on. I am sure the problem is staring me right in the face but I
am completely missing it.

 

I want to generate and manage 3 keys on all computers across the domain.
The three keys are the following:

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global]
"AuthMode"=dword:00000002
"SupplicantMode"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GpNetworkStartTimeoutPolicyValue"=dword:0000003c (This should be a decimal value)

 

I've created adm templates before, but it has been a while and so far
all I can do is get the event log to spit angry messages at me. Here is
a sample of the code I am using (I've left off the strings comments to
keep this as brief as possible):

 

CLASS MACHINE
CATEGORY "System"
      CATEGORY "NAC Options"
            POLICY !!AMode
                  EXPLAIN !!AMode_Exp
                  KEYNAME "SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
                  PART "Authentication Mode" NUMERIC
                        VALUENAME "AuthMode"
                        MIN   0
                        MAX   2
                        TXTCONVERT
                        DEFAULT 2
                        SPIN 1
                  END PART
            END POLICY
      END CATEGORY

      CATEGORY "NAC Options"
            POLICY !!SMode
                  EXPLAIN !!SMode_Exp
                  KEYNAME "SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
                  PART "Supplicant Mode" NUMERIC
                        VALUENAME "SupplicantMode"
                        MIN   1
                        MAX   3
                        TXTCONVERT
                        DEFAULT 3
                        SPIN 1
                  END PART
            END POLICY
      END CATEGORY

      CATEGORY "NAC Options"
            POLICY !!Timeout
                  EXPLAIN !!Timeout_Exp
                  KEYNAME "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
                  PART "Timeout for NAC Negotiation"
                        EDITTEXT REQUIRED
                        VALUENAME "GpNetworkStartTimeoutPolicyValue"
                        DEFAULT "0000003c"
                  END PART
            END POLICY
      END CATEGORY
END CATEGORY

 

There are 2 seemingly non-specific errors that I am getting that may
help. These are both from the event log:

 

"Windows cannot create registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. (The parameter is incorrect. )."

"Windows cannot access the registry policy file, \\domain.com\SysVol\domain.com\Policies\{BA8CA221-6DC1-4631-B838-4135A66DE872}\Machine\registry.pol. (The parameter is incorrect. )."

 

As always, thanks in advance.

 

 

Jonathan Finkbiner <mailto:jfinkbiner@xxxxxxx> 

Information Services

Support Analyst

Lifestyle Family Fitness <http://www.lff.com/> 

 

 

**********************************************************************
This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).
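
A lint for the point made in the reply, as an added example that is not part of the original thread: it scans ADM text for KEYNAME values that begin with a root hive name and reports the relative path to use, since CLASS already selects the hive. The function name `lint_keynames` and the sample input (cut down from the template in the post) are this example's own.

```python
import re

# Root-hive names that do not belong in an ADM KEYNAME: the CLASS statement
# (MACHINE or USER) already selects the hive the key is written under.
HIVES = {"HKEY_LOCAL_MACHINE", "HKLM", "HKEY_CURRENT_USER", "HKCU",
         "HKEY_USERS", "HKU", "HKEY_CLASSES_ROOT", "HKCR"}

# A token is a quoted string (which may span a wrapped line) or a bare word.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')
COMMENT = re.compile(r"(?m)^[ \t]*;.*$")   # ADM comment lines start with ';'

def lint_keynames(adm_text):
    """Return a finding for every KEYNAME that starts with a root hive."""
    tokens = [m.groups() for m in TOKEN.finditer(COMMENT.sub("", adm_text))]
    findings, current_class = [], None
    for (quoted, bare), nxt in zip(tokens, tokens[1:]):
        word = (bare or "").upper()
        if word == "CLASS":
            current_class = (nxt[1] or "").upper()
        elif word == "KEYNAME":
            raw = nxt[0] if nxt[0] is not None else nxt[1]
            path = " ".join(raw.split())          # undo mail line-wrap
            head, _, rest = path.partition("\\")
            if head.upper() in HIVES:
                findings.append({"class": current_class,
                                 "keyname": path, "suggested": rest})
    return findings

# Sample input: two policies cut down from the template in the post,
# keeping its wrapped KEYNAME lines.
SAMPLE = r'''
CLASS MACHINE
CATEGORY "NAC Options"
  POLICY !!AMode
    KEYNAME
"SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
  END POLICY
  POLICY !!Timeout
    KEYNAME "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon"
  END POLICY
END CATEGORY
'''

if __name__ == "__main__":
    for f in lint_keynames(SAMPLE):
        print(f'CLASS {f["class"]}: KEYNAME "{f["keyname"]}"')
        print(f'  use instead: KEYNAME "{f["suggested"]}"')
```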


