[gptalk] Re: Custom ADM Issues
- From: "Delaney, Doug" <doug.delaney@xxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Wed, 6 Feb 2008 16:22:50 -0500
I also think you only need the first CATEGORY "NAC Options" and the last
two END CATEGORYs
Doug Delaney
EDS - Integration Engineering-GM
GM Desktop Engineering
1075 W. Entrance Dr., MS 2B, Cube 2130
Auburn Hills, MI 48326
Cell: 248-210-4973
Lab: 248-365-9187
Tel: 248-754-7917
Pg: 248-870-0306 pager
Mail: Doug.Delaney@xxxxxxx <mailto:Doug.Delaney@xxxxxxx>
Note: The information in this email is intended solely for the
addressee. Access to this email by anyone else is unauthorized. If you
are not the intended recipient, any disclosure, copying, distribution or
any action taken or omitted to be taken in reliance on it is prohibited.
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R
Sent: Wednesday, February 06, 2008 3:03 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Custom ADM Issues
You don't need the HKEY_LOCAL_MACHINE in the KEYNAME.
Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/>
From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathan Finkbiner
Sent: Wednesday, February 06, 2008 1:55 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Custom ADM Issues
Hey All,
I thought I sent this on Monday, but apparently with this
"email" thing you have to hit a send button to get it to work.
I was looking for a little feedback on a custom adm template
I've been working on. I am sure the problem is staring me right in the
face but I am completely missing it.
I want to generate and manage 3 keys on all computers across the
domain. The three keys are the following:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global]
"AuthMode"=dword:00000002
"SupplicantMode"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]
"GpNetworkStartTimeoutPolicyValue"=dword:0000003c (This should
be a decimal value)
I've created adm templates before, but it has been a while and
so far all I can do is get the event log to spit angry messages at me.
Here is a sample of the code I am using (I've left off the strings
comments to keep this as brief as possible):
CLASS MACHINE
CATEGORY "System"
CATEGORY "NAC Options"
POLICY !!AMode
EXPLAIN !!AMode_Exp
KEYNAME
"SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
PART "Authentication Mode" NUMERIC
VALUENAME "AuthMode"
MIN 0
MAX 2
TXTCONVERT
DEFAULT 2
SPIN 1
END PART
END POLICY
END CATEGORY
CATEGORY "NAC Options"
POLICY !!SMode
EXPLAIN !!SMode_Exp
KEYNAME
"SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
PART "Supplicant Mode" NUMERIC
VALUENAME "SupplicantMode"
MIN 1
MAX 3
TXTCONVERT
DEFAULT 3
SPIN 1
END PART
END POLICY
END CATEGORY
CATEGORY "NAC Options"
POLICY !!Timeout
EXPLAIN !!Timeout_Exp
KEYNAME
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon"
PART "Timeout for NAC Negotiation"
EDITTEXT REQUIRED
VALUENAME
"GpNetworkStartTimeoutPolicyValue"
DEFAULT "0000003c"
END PART
END POLICY
END CATEGORY
END CATEGORY
There are 2 seemingly non specific errors that I am getting that
may help. These are both from the event log:
"Windows cannot create registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon. (The parameter is incorrect. )."
"Windows cannot access the registry policy file,
\\domain.com\SysVol\domain.com\Policies\{BA8CA221-6DC1-4631-B838-4135A66
DE872}\Machine\registry.pol. (The parameter is incorrect. )."
As always, thanks in advance.
Jonathan Finkbiner <mailto:jfinkbiner@xxxxxxx>
Information Services
Support Analyst
Lifestyle Family Fitness <http://www.lff.com/>
________________________________
This e-mail may contain identifiable health information that is
subject to protection under state and federal law. This information is
intended to be for the use of the individual named above. If you are not
the intended recipient, be aware that any disclosure, copying,
distribution or use of the contents of this information is prohibited
and may be punishable by law. If you have received this electronic
transmission in error, please notify us immediately by electronic mail
(reply).
________________________________
This e-mail may contain identifiable health information that is
subject to protection under state and federal law. This information is
intended to be for the use of the individual named above. If you are not
the intended recipient, be aware that any disclosure, copying,
distribution or use of the contents of this information is prohibited
and may be punishable by law. If you have received this electronic
transmission in error, please notify us immediately by electronic mail
(reply).
- Follow-Ups:
- [gptalk] Re: Custom ADM Issues
- From: Jonathan Finkbiner
- References:
- [gptalk] Custom ADM Issues
- From: Jonathan Finkbiner
- [gptalk] Re: Custom ADM Issues
- From: Nelson, Jamie R
Other related posts:
- » [gptalk] Custom ADM Issues
- » [gptalk] Re: Custom ADM Issues
- » [gptalk] Re: Custom ADM Issues
- » [gptalk] Re: Custom ADM Issues
- » [gptalk] Re: Custom ADM Issues
- » [gptalk] Re: Custom ADM Issues
- » [gptalk] Re: Custom ADM Issues
- » [gptalk] Re: Custom ADM Issues
- » [gptalk] Re: Custom ADM Issues
- » [gptalk] Re: Custom ADM Issues
- [gptalk] Re: Custom ADM Issues
- From: Jonathan Finkbiner
- [gptalk] Custom ADM Issues
- From: Jonathan Finkbiner
- [gptalk] Re: Custom ADM Issues
- From: Nelson, Jamie R