Hi Michael, I sent an earlier post which should give you a bit of an insight into shadow key management. But there are two simple rules to stop the shadow key causing you issues. *Rule 1.* If you're determined to use the shadow key, use the sdt utility (*s*et *d* ate/*t*ime, look for rdt-sdt.zip) to make sure you've got a consistent time/date stamp on the shadow key on all your servers, as well as making sure they all have the same shadow key values. Use the sysinternals pstools utility, psexec to do this. eg using a batch file like: ------- @echo off :: shadowkey.cmd - propagate shadow key value to servers in a farm and update the time/date stamp :: export the shadow key value from your "gold" server as shadow_key.reg :: copy sdt.exe to c:\windows on all your servers For /f "skip=3" %%i in ('qfarm /load') do copy shadow_key.reg \\%%i\c$\temp& psexec \\%%i c:\windows\regedit.exe c:\temp\shadow_key.reg & psexec \\%%ic:\windows\sdt.exe 19 6 2007 -------- The syntax for using sdt is: Format: sdt <day> <month> <year> Example: sdt 19 6 2007 Would set the registry timestamp to be June 19, 2007 The complementary program to sdt is rdt (read date/time) which will give you an output like: Key: Software\Microsoft\Windows NT\Current Version\Terminal Server\Install\Software. Subkeys 8, timestamp 9:1:2:312 on 6/10/2007 Key: Adobe. Subkeys 1, timestamp 10:48:2:718 on 5/21/2007 Key: Acrobat Reader. Subkeys 1, timestamp 10:48:2:718 on 5/21/2007 Key: 7.0. Subkeys 4, timestamp 10:48:2:718 on 5/21/2007 Key: AdobeViewer. Subkeys 0, timestamp 10:48:2:718 on 5/21/2007 Key: Installer. Subkeys 0, timestamp 10:48:2:718 on 5/21/2007 Key: InstallPath. Subkeys 0, timestamp 10:48:2:718 on 5/21/2007 Key: Language. Subkeys 2, timestamp 10:48:2:718 on 5/21/2007 Key: current. Subkeys 0, timestamp 10:48:2:718 on 5/21/2007 Key: next. Subkeys 0, timestamp 10:48:2:718 on 5/21/2007 Key: Citrix. Subkeys 1, timestamp 19:56:29:464 on 12/7/2006 Key: ICA Client. Subkeys 1, timestamp 19:56:29:464 on 12/7/2006 Key: Keyboard Mapping. Subkeys 0, timestamp 19:56:29:464 on 12/7/2006 Key: Compaq. Subkeys 1, timestamp 9:1:2:312 on 6/10/2007 *Rule 2.* DON'T use the shadow key. This makes your life more difficult, especially for stuff like AutoDesk and Macromedia (now Adobe) applications that will die if they don't have the right user registry values when you've disabled windows installer for non-admins. But it's actually not too hard to manage this stuff using scripting or the desktop standard group policy extension tool. regards, Rick -- Ulrich Mack Commander Australia On 6/18/07, Boggan, Michael <Michael.Boggan@xxxxxxxxxxxxxxxxx> wrote:
We are having issues with users loosing configurations, etc, especially in Outlook and other Office apps. We have been troubleshooting this for a while now and have been looking at the issue with the shadow key time stamps. Has anyone else had to deal with this? One of the things we have noticed using the RDT tool provided by Microsoft is that the time stamps are changing even when we are not doing anything. Perfect example is that this morning I had a user loose her configurations. I logged into the server that they were in this morning and ran RDT and saw that the time stamps on all of the shadow keys were set to this morning at 2:24 am. We had NOTHING running at that time of the morning. Especially no installs. Any one have an idea of why this time stamp would be changing? *Michael Boggan*