[gptalk] Re: Delete a Custom ADM policy

  • From: tamerm@xxxxxxxx
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Sun, 11 Jan 2009 09:15:43 +0200

Thanks Alan for the help you provided to me.

Is there any documentation about Tattooed policies? I tried to search 
the net for more info and did not find any.

Thanks again
Tamer






"Alan Cuthbertson" <syspro@xxxxxxxxxxxxxxxx> 
Sent by: gptalk-bounce@xxxxxxxxxxxxx
01/09/2009 10:07 PM
Please respond to gptalk@xxxxxxxxxxxxx
To: <gptalk@xxxxxxxxxxxxx>
cc:
Subject: [gptalk] Re: Delete a Custom ADM policy

Hi Tamer,
 
Because the key is System\CurrentControlSet\Control\Terminal Server, it is 
considered a Tattooed policy and so by default it is hidden in GPMC. 
 
On a Windows 2000 workstation, to see tattooed policies you must select 
"Administrative Templates" in the left panel, then Unclick "View/Show 
Policies Only".
 
On XP the setting is the "Only show policy settings that can be fully 
managed" check box under "View/Filtering". You must uncheck it. 
 
Alan Cuthbertson
 
 
 Policy Management Software (Now with ADMX and Preference support):-
http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
 
ADM Template Editor(Now with ADMX support):-
http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
 
Policy Log Reporter(Free)
http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
 
 
 
 
 
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of tamerm@xxxxxxxx
Sent: Saturday, 10 January 2009 2:19 AM
To: gptalk
Subject: [gptalk] Re: Delete a Custom ADM policy
 
Darren,

The issue now is not deleting the key, as I managed to do so by changing the 
value in GP to not configured and then removing the ADM itself.

The issue now is that when I correct the key in the ADM file and add it to 
the GP, I cannot see the item in GPMC at all. 

Thanks

Tamer


Thanks

Tamer M Abdel-Rahman
Sent from BlackBerry

  ----- Original Message -----
  From: gptalk-bounce
  Sent: 01/09/2009 04:48 PM
  To: <gptalk@xxxxxxxxxxxxx>
  Subject: [gptalk] Re: Delete a Custom ADM policy
 
Tamer-
Are you trying to remove the key or its value? REG DELETE, for example, 
only removes values, not keys. You would need to manually (or via script) 
remove the incorrect key, or use GP Preferences to do it.
 
Darren
 
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of tamerm@xxxxxxxx
Sent: Friday, January 09, 2009 1:00 AM
To: gptalk
Subject: [gptalk] Re: Delete a Custom ADM policy
 
Hi Alan,

The new key is "System/CurrentControlSet/Control/Terminal Server"

And not the same as the old key.

Also Alan, you could review my first email; it has both ADM files' contents.

Thanks

Tamer M Abdel-Rahman
Sent from BlackBerry

  ----- Original Message -----
  From: gptalk-bounce
  Sent: 01/08/2009 10:45 PM
  To: <gptalk@xxxxxxxxxxxxx>
  Subject: [gptalk] Re: Delete a Custom ADM policy
 
Hi Tamer,
 
What is the new registry key? If it is not under Software/Policies then it 
will be hidden unless you select to display Tattooed policies.
 
By default GPMC only displays "Non Tattooed" policies (i.e. those in the 
"Software/Policies" or "Software/Microsoft/Current Version/Policies" 
keys).
 
On a Windows 2000 workstation, to see tattooed policies you must select 
"Administrative Templates" in the left panel, then Unclick "View/Show 
Policies Only".
 
On XP the setting is the "Only show policy settings that can be fully 
managed" check box under "View/Filtering". You must uncheck it. 
 
Alan Cuthbertson
 
 
 
 
 
 
 
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of tamerm@xxxxxxxx
Sent: Thursday, 8 January 2009 11:48 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Delete a Custom ADM policy
 

Thanks Alan, 

I have just managed to do what you mentioned to remove the ADM, but I 
have another issue: when I correct the registry key in the ADM file 
and add it to the GP, I cannot see the item in GPMC at all. 

I think it may be a conflict with the old ADM? Don't know actually and it 
confuses me. 

Thanks 

Tamer 



"Alan Cuthbertson" <syspro@xxxxxxxxxxxxxxxx> 
Sent by: gptalk-bounce@xxxxxxxxxxxxx
01/08/2009 01:33 PM
Please respond to gptalk@xxxxxxxxxxxxx
To: <gptalk@xxxxxxxxxxxxx>
cc:
Subject: [gptalk] Re: Delete a Custom ADM policy

Hi, 
  
Once the setting has been activated in the GPO, removing the ADM file is 
not sufficient. All that this does is hide it in GPEDIT. If you put the 
ADM file back in place, you will see that the setting is still enabled. 
You need to put the ADM file back, change the setting to "not Applied" and 
then remove the ADM file. 
  
Alternatively you can leave the wrong key in the ADM file and change it to 
DELETE. This will then remove the wrong key valuename from all the 
machines. 
  
  
Alan Cuthbertson 
  
  
 Policy Management Software (Now with ADMX and Preference support):- 
http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml 
  
ADM Template Editor(Now with ADMX support):- 
http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml 
  
Policy Log Reporter - including Preference logging (Free) 
http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml 
  
  
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of tamerm@xxxxxxxx
Sent: Thursday, 8 January 2009 6:57 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Delete a Custom ADM policy 
  

I tried to add a registry key to the registry using an ADM file, but I wrote 
a wrong path to the registry key. 

I tried to remove the custom ADM from the GP and manually delete the 
registry key from the client computers using REG DELETE. But I found that 
the client computer still has that key in the registry after 
restarting. 

What is the best way to do the following:- 
1- Remove the incorrect ADM from the GP. 
2- Remove the incorrect key from client computers. 
3- Reapply the ADM after correcting the registry key. 


The incorrect ADM is: 
CLASS MACHINE 
CATEGORY "Windows Components" 
CATEGORY "Terminal Services" 
KEYNAME "SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" 

POLICY !!ALLOW_TSMANAGER 
#if version >= 4 
SUPPORTED !!WinXP 
#endif 
EXPLAIN !!ALLOW_TSMANAGER_EXPLAIN 
ACTIONLISTON 
VALUENAME "AllowRemoteRPC" VALUE NUMERIC 1 
END ACTIONLISTON 
ACTIONLISTOFF 
VALUENAME "AllowRemoteRPC" VALUE NUMERIC 0 
END ACTIONLISTOFF 
END POLICY 


End Category 
End Category 

[strings] 
WinXP="At least Windows XP Professional or Windows 2003 Server" 
ALLOW_TSMANAGER="Allow access from Terminal Services Manager" 
ALLOW_TSMANAGER_EXPLAIN="Allows administrators to use the Terminal Services Manager to remote control the user session." 

The correct ADM is: 
CLASS MACHINE 
CATEGORY "Windows Components" 
CATEGORY "Terminal Services" 
KEYNAME "System\CurrentControlSet\Control\Terminal Server" 

POLICY !!ALLOW_TSMANAGER 
#if version >= 4 
SUPPORTED !!WinXP 
#endif 
EXPLAIN !!ALLOW_TSMANAGER_EXPLAIN 
ACTIONLISTON 
VALUENAME "AllowRemoteRPC" VALUE NUMERIC 1 
END ACTIONLISTON 
ACTIONLISTOFF 
VALUENAME "AllowRemoteRPC" VALUE NUMERIC 0 
END ACTIONLISTOFF 
END POLICY 


End Category 
End Category 

[strings] 
WinXP="At least Windows XP Professional or Windows 2003 Server" 
ALLOW_TSMANAGER="Allow access from Terminal Services Manager" 
ALLOW_TSMANAGER_EXPLAIN="Allows administrators to use the Terminal Services Manager to remote control the user session." 













This is an e-mail from General Dynamics Land Systems. It is for the 
intended recipient only and may contain confidential and privileged 
information. No one else may read, print, store, copy, forward or act in 
reliance on it or its attachments. If you are not the intended recipient, 
please return this message to the sender and delete the message and any 
attachments from your computer. Your cooperation is appreciated. 
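
Added example (not part of the original thread or any poster's code): a small ADM linter that applies the rule Alan describes, resolving the KEYNAME in force for each VALUENAME and flagging any that falls outside the policy-managed keys. The managed prefixes are written with their actual registry paths (Software\Policies and Software\Microsoft\Windows\CurrentVersion\Policies); the function names and the trimmed sample template are constructed for illustration.

```python
import re

# Subtrees Group Policy cleans up itself; a KEYNAME anywhere else tattoos.
MANAGED = (r"software\policies",
           r"software\microsoft\windows\currentversion\policies")
SCOPES = ("CATEGORY", "POLICY", "PART")

def is_tattooing(keyname):
    key = keyname.replace("/", "\\").strip("\\").lower()
    return not any(key == p or key.startswith(p + "\\") for p in MANAGED)

def audit_adm(text):
    """Map (policy, keyname, valuename) -> True if the value would tattoo."""
    found, scope, policy = {}, [None], None     # scope: stack of KEYNAMEs
    for line in text.splitlines():
        head, arg = (line.upper().split() + ["", ""])[:2]
        if head == "END" and arg in SCOPES and len(scope) > 1:
            scope.pop()                         # back to the outer KEYNAME
        elif head in SCOPES:
            scope.append(scope[-1])             # inner scope inherits KEYNAME
            if head == "POLICY":
                policy = " ".join(line.split()[1:])
        elif head in ("KEYNAME", "VALUENAME") and arg:
            m = re.match(r'\s*\w+\s+(?:"([^"]*)"|(\S+))', line)
            name = m.group(1) or m.group(2) or ""
            if head == "KEYNAME":
                scope[-1] = name
            elif scope[-1] is not None:
                found[(policy, scope[-1], name)] = is_tattooing(scope[-1])
    return found

# Constructed sample: the thread's template, trimmed, KEYNAME filled in below.
TEMPLATE = """CLASS MACHINE
CATEGORY "Windows Components"
CATEGORY "Terminal Services"
KEYNAME "%s"
POLICY !!ALLOW_TSMANAGER
ACTIONLISTON
VALUENAME "AllowRemoteRPC" VALUE NUMERIC 1
END ACTIONLISTON
END POLICY
End Category
End Category
"""

if __name__ == "__main__":
    for key in (r"SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services",
                r"System\CurrentControlSet\Control\Terminal Server"):
        print(audit_adm(TEMPLATE % key))
```

A value flagged True stays in the registry after the GPO stops applying, so it needs an explicit removal step such as the ones discussed in the thread.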