[gptalk] Re: Problem implementing a registry setting in ADM
- From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Thu, 26 Oct 2006 14:06:45 -0700
I think its do-able using one of the Part controls--as Alan mentioned the
Checkbox part seems to exhibit the behavior you're after.
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Victor W.
Sent: Thursday, October 26, 2006 12:31 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Problem implementing a registry setting in ADM
It seems I have raised a question to which the answer turns out to be not as
simple as I thought. :-)
Maybe I want two things in the same policy that aren't possible together.
On the one hand I want the registry key to be deleted when the GPO is set to
Disabled.
On the other hand I want the resgistry key to be set to 0 when it is set to
Enabled and No is selected.
I am still hoping this is possible somehow.
Thanks,
Victor
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: donderdag 26 oktober 2006 15:35
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Problem implementing a registry setting in ADM
Alan-
I haven't looked at the checkbox part in particular so you may be right, but
in general, that is not the way a "regular" policy behaves. Do you know if
the Dropdownlist part behaves the same way?
Thanks
Darren
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Alan & Margaret
Sent: Wednesday, October 25, 2006 9:28 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Problem implementing a registry setting in ADM
Hi Darren,
I think you are mistaken (or I have misunderstood you)
You are correct when you define a POLICY. You normally assign a registry
value to it and you can define a VALUEON and VALUEOFF. These can be a value,
or can use the DELETE keyword. (Microsoft uses a Default of DELETE for
VALUEOFF )
However a CHECKBOX PART within a POLICY behaves differently. It has a
VALUEON and VALUEOFF parameter, but it also has a DELETE setting which comes
in to effect if the Policy is disabled: effectively this is a Tri-state:-
1. Policy Enabled, CheckBox Enabled = VALUEON setting
2. Policy Enabled, CheckBox disabled = VALUEOFF setting
3. Policy Disabled = DELETE
This can lead to confusion if you set the VALUEOFF parameter to be DELETE.
If it is the only PART in the Policy, and there is no keyValue defined for
the Policy, then the Group Policy Editor uses the setting to determine
whether the policy is enabled. This means that you can:-
1. Enable the policy
2. Uncheck the check Box
3. Save the policy
4. The policy shows as Disabled (rather than enabled)
Sounds a bit silly, but if you use the following, it is exactly what happens
CLASS MACHINE
CLASS USER
CATEGORY "Test Policy"
POLICY "Test CheckBox"
KEYNAME software\test\checkbox
PART test CHECKBOX
KEYNAME
software\test\checkbox
VALUENAME CheckBox
VALUEON 1
VALUEOFF DELETE
END PART ;test
END POLICY ;Test CheckBox
END CATEGORY ;Test Policy
[Strings]
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Thursday, 26 October 2006 11:31 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Problem implementing a registry setting in ADM
Oops. Sorry, hit send to fast:
This:
'Disabled' - the registry setting must not be there
Is problematic. The Disabled state will always set a value--it will not
delete a value by default. There is the Delete keyword that you can use
however, in the ADM syntax. That might get you what you need.
Darren
_____
From: Darren Mar-Elia [mailto:darren@xxxxxxxxxx]
Sent: Wednesday, October 25, 2006 6:29 PM
To: 'gptalk@xxxxxxxxxxxxx'
Subject: RE: [gptalk] Re: Problem implementing a registry setting in ADM
The only thing I'll add to Alan's comments Victor is that I think you will
have problems with the following that you wrote:
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Alan & Margaret
Sent: Wednesday, October 25, 2006 5:59 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Problem implementing a registry setting in ADM
Hi Victor,
You are pretty well correct with what you have written.
One thing that is a little confusing is whether you want a Tri-state (i.e.
Missing, 1, or 0) setting or a Bi-state setting (1, 0). I suspect a Bi-state
setting since the application will normally treat a "missing" as "0".
If you want a tristate setting, then you can do it as a checkbox or a
Listbox within a Policy and it will behave as you wish
If you want a Bi state , then you can do it just as a Policy
One other point, "Not configured" always means "do nothing" It has to be
this way otherwise all of the polices that you don't configure would be
removing entries on you
Alan Cuthbertson
Policy Management Software:-
http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml>
&f=pol_summary.shtml
ADM Template Editor:-
http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml>
&f=adm_summary.shtml
Policy Log Reporter(Free)
http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml>
&f=policyreporter.shtml
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Victor W.
Sent: Thursday, 26 October 2006 5:43 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Problem implementing a registry setting in ADM
Hi,
I have decided to implement it with the drop down list afterall.
This is because this way there is probably less confusion when somebody
selects "enable".
He then has two choices Yes and No, I know this is confusing but probably
less confusing then with the checkbox.
But it got me thinking about the whole matter and that was a good thing.
I would like to go through the ADM file to be sure I am correct in my
assumption:
What I would like the following to mean in the GPO is:
'Not Configured' - the registry setting must not be there
'Enabled' - the registry setting must be there with a value of
1
'Disabled' - the registry setting must not be there
When Enabled has been selected and Yes is selected in the drop downlist -
the registry setting must be there with a value of 1
When Enabled has been selected and No is selected in the drop downlist - the
registry setting must be there with a value of 0
Is all the above possible?
Below is the adm file as it is now (I have put a lot of spaces in a part
section, this can also probably be done otherwise).
CLASS MACHINE
CATEGORY "Office Components"
POLICY "PST Restrictions"
KEYNAME "SOFTWARE\Microsoft\Office\11.0\Outlook"
PART "This setting restricts the use of PST files."
TEXT
END PART
PART "
"
TEXT
END PART
PART "Restrict PST files" DROPDOWNLIST
VALUENAME DisablePST
ITEMLIST
NAME "Yes" VALUE NUMERIC 1 DEFAULT
NAME "No" VALUE NUMERIC 0
END ITEMLIST
END PART
END POLICY
END CATEGORY
Cheers,
Victor
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Victor W.
Sent: zondag 22 oktober 2006 11:19
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Problem implementing a registry setting in ADM
Hi Alan,
Great work. I will implement it this way and offcourse will take a look at
the tool you suggested ;-)
Cheers,
Victor
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Alan & Margaret
Sent: donderdag 19 oktober 2006 23:59
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Problem implementing a registry setting in ADM
Hi Victor,
You are correct that the problem is in your ItemList. The parts in bold are
not valid:-
ITEMLIST
NAME "Yes" VALUE Numeric 1
VALUE NUMERIC 1 DEFAULT
NAME "No" VALUE Numeric 0
VALUE NUMERIC 0
END ITEMLIST
An item list is a list of options. Each option must have a NAME and a VALUE.
You can have other keywords such as Numeric and Default.
Note: You don't really need to use an item List. A checkbox would be simpler
since it gives you an effective Yes/No value:-
PART "Restrict pst files" CHECKBOX
KEYNAME SOFTWARE\Microsoft\Office\11.0\Outlook
VALUENAME DisablePST
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END PART ;Restrict pst files
Note: At the risk of incurring the rage of list members, you should consider
using an ADM Editor tool (we sell one). If nothing else, download it and
play with it for a month and you will learn a lot about writing your own ADM
files!
Alan Cuthbertson
Policy Management Software:-
http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
ADM Template Editor:-
http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
Policy Log Reporter(Free)
<http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml>
http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
----- Original Message -----
From: "Victor W." < <mailto:victor-w@xxxxxxxxx> victor-w@xxxxxxxxx>
To: < <mailto:gptalk@xxxxxxxxxxxxx> gptalk@xxxxxxxxxxxxx>
Sent: Friday, October 20, 2006 7:08 AM
Subject: [gptalk] Re: Problem implementing a registry setting in ADM
>
> I managed to get it working, see below.
> It seems as if the Yes and No checkboxes dont go together with the VALEUON
> NUMERIC 1 and the VALUEOFF NUMERIC 0.
> Am I correct in my assumption?
>
> CLASS MACHINE
> CATEGORY "Custom ADM Entries"
> POLICY "PST Restrictions"
> KEYNAME "SOFTWARE\Microsoft\Office\11.0\Outlook"
> PART "This setting restricts the use of PST files. Sander
> asks waarom?" TEXT
> END PART
> PART "Do you want to restrict PST files?" DROPDOWNLIST
> VALUENAME "DisablePST"
> ITEMLIST
> NAME "Yes" VALUE Numeric 1
> DEFAULT
> NAME "No" VALUE Numeric 0
> END ITEMLIST
> END PART
> END POLICY
> END CATEGORY
>
>
>
>
>
> -----Original Message-----
> From: <mailto:gptalk-bounce@xxxxxxxxxxxxx> gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On
> Behalf Of Victor W.
> Sent: donderdag 19 oktober 2006 22:33
> To: <mailto:gptalk@xxxxxxxxxxxxx> gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Re: Problem implementing a registry setting in ADM
>
> Thanks, that did it.
>
> I now changed the adm file a bit and now it looks like this, but it gives
me
> an error when I add it.
>
> CLASS MACHINE
> CATEGORY "Custom ADM Entries"
> POLICY "PST Restrictions"
> KEYNAME "SOFTWARE\Microsoft\Office\11.0\Outlook"
> VALUENAME "DisablePST"
> VALUEON NUMERIC 1
> VALUEOFF NUMERIC 0
>
> PART "Restricting the use of PST files" TEXT
> END PART
>
> PART "I want to restrict PST files" DROPDOWNLIST
>
> ITEMLIST
> NAME "Yes" VALUE Numeric 1
> VALUE NUMERIC 1 DEFAULT
> NAME "No" VALUE Numeric 0
> VALUE NUMERIC 0
> END ITEMLIST
> END PART
> END POLICY
> END CATEGORY
>
> It gives me the error that line 21 has no value.
>
> Anybody familiar with this?
>
> Cheers,
>
>
> Victor
>
>
>
> -----Original Message-----
> From: <mailto:gptalk-bounce@xxxxxxxxxxxxx> gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On
> Behalf Of Robert Tannehill
> Sent: donderdag 19 oktober 2006 17:00
> To: <mailto:gptalk@xxxxxxxxxxxxx> gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Re: Problem implementing a registry setting in ADM
>
> Victor,
> Make sure on the GPMC, you set View, Filtering, Only show policy settings
> that can be fully managed to Unchecked.
> Bob
>
> -----Original Message-----
> From: <mailto:gptalk-bounce@xxxxxxxxxxxxx> gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On
> Behalf Of <mailto:victor-w@xxxxxxxxx> victor-w@xxxxxxxxx
> Sent: Thursday, October 19, 2006 8:49 AM
> To: <mailto:gptalk@xxxxxxxxxxxxx> gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Problem implementing a registry setting in ADM
>
> Gents and ladies,
>
> I am trying to implement the following registry setting in an ADM file but
> it simply doenst show up in the GPO editor/GPMC.
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Outlook]
> "DisablePST"=dword:00000001
>
> The folder itself (Custom ADM Entries), does appear but the setting simply
> isnt there.
> Am I missing something? I sure must be :-)
>
> I this setting I would also like to implement the VALUEON NUMERIC 1 and
the
> VALUEON NUMERIC 0. So that the setting is not deleted when choosing
disable.
>
> Any suggestions are greatly appreciated.
>
> See the adm file below.
>
> Cheers,
>
>
> Victor
>
>
> CLASS MACHINE
> CATEGORY "Custom ADM Entries"
> POLICY "PST Restrictions"
> KEYNAME "SOFTWARE\Microsoft\Office\11.0\Outlook"
> PART "Do you want to restrict PST files?" TEXT
> END PART
> PART "I want to restrict PST files" DROPDOWNLIST
> VALUENAME DisablePST
> ITEMLIST
> NAME "Yes" VALUE Numeric 1
> NAME "No" VALUE Numeric 0
> END ITEMLIST
> END PART
> END POLICY
> END CATEGORY
>
> ***********************
> You can unsubscribe from gptalk by sending email to
> <mailto:gptalk-request@xxxxxxxxxxxxx> gptalk-request@xxxxxxxxxxxxx with
'unsubscribe' in the Subject field OR by
> logging into the freelists.org Web interface. Archives for the list are
> available at <http://www.freelists.org/archives/gptalk/>
http://www.freelists.org/archives/gptalk/
> ************************
> ***********************
> You can unsubscribe from gptalk by sending email to
> <mailto:gptalk-request@xxxxxxxxxxxxx> gptalk-request@xxxxxxxxxxxxx with
'unsubscribe' in the Subject field OR by
> logging into the freelists.org Web interface. Archives for the list are
> available at <http://www.freelists.org/archives/gptalk/>
http://www.freelists.org/archives/gptalk/
> ************************
>
> ***********************
> You can unsubscribe from gptalk by sending email to
> <mailto:gptalk-request@xxxxxxxxxxxxx> gptalk-request@xxxxxxxxxxxxx with
'unsubscribe' in the Subject field OR by
> logging into the freelists.org Web interface. Archives for the list are
> available at <http://www.freelists.org/archives/gptalk/>
http://www.freelists.org/archives/gptalk/
> ************************
>
> ***********************
> You can unsubscribe from gptalk by sending email to
<mailto:gptalk-request@xxxxxxxxxxxxx> gptalk-request@xxxxxxxxxxxxx with
'unsubscribe' in the Subject field OR by logging into the freelists.org Web
interface. Archives for the list are available at
<http://www.freelists.org/archives/gptalk/>
http://www.freelists.org/archives/gptalk/
> ************************
- References:
- [gptalk] Re: Problem implementing a registry setting in ADM
- From: Victor W.
Other related posts:
- » [gptalk] Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- » [gptalk] Re: Problem implementing a registry setting in ADM
- [gptalk] Re: Problem implementing a registry setting in ADM
- From: Victor W.