[gptalk] Re: Delete a Custom ADM policy

• From: tamerm@xxxxxxxx
• To: gptalk@xxxxxxxxxxxxx
• Date: Thu, 8 Jan 2009 14:48:17 +0200

Thanks Alan,

I had just manage to do what you had mentioned to remove the ADM But I 
have another issue that when I correct the registry key in the ADM file 
and add it to the GP, I cannot see the item at the GPMC at all.

I think it may be a conflict with the old ADM? Don't know actually and it 
confuses me.

Thanks

Tamer






"Alan Cuthbertson" <syspro@xxxxxxxxxxxxxxxx> 
Sent by: gptalk-bounce@xxxxxxxxxxxxx
01/08/2009 01:33 PM
Please respond to
gptalk@xxxxxxxxxxxxx


To
<gptalk@xxxxxxxxxxxxx>
cc

Subject
[gptalk] Re: Delete a Custom ADM policy






Hi,
 
Once the setting has been activated in the GPO, removing the ADM file is 
not sufficient. All that this does is hide it in GPEDIT. If you put the 
ADM file back in place, you will see that the setting is still enabled. 
You need to put the ADM file back, change the setting to ?not Applied? and 
then remove the ADM file.
 
Alternatively you can leave the wrong key in the ADM file and change it to 
DELETE. This will then remove the wrong key valuename from all the 
machines.
 
 
Alan Cuthbertson
 
 
 Policy Management Software (Now with ADMX and Preference support):-
http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
 
ADM Template Editor(Now with ADMX support):-
http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
 
Policy Log Reporter ? including Preference logging(Free)
http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
 
 
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of tamerm@xxxxxxxx
Sent: Thursday, 8 January 2009 6:57 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Delete a Custom ADM policy
 

I try to add a registry key to a registry using the ADM file, but I write 
a wrong path to the registry key. 

I tried to remove the custom ADM from the GP and manually delete the 
registry key from the clients computers using REG DELETE. But I found that 
the client computer is still having that key in the registry after 
restarting? 

What is the best way to do the following:- 
1- Remove the incorrect ADM from the GP. 
2- Remove the incorrect key from clients computers. 
3- Reapplying the ADM after correcting the registry key. 


The incorrect ADM is: 
CLASS MACHINE 
CATEGORY "Windows Components" 
CATEGORY "Terminal Services" 
KEYNAME "SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" 

POLICY !!ALLOW_TSMANAGER 
#if version >= 4 
SUPPORTED !!WinXP 
#endif 
EXPLAIN !!ALLOW_TSMANAGER_EXPLAIN 
ACTIONLISTON 
VALUENAME "AllowRemoteRPC" VALUE NUMERIC 1 
END ACTIONLISTON 
ACTIONLISTOFF 
VALUENAME "AllowRemoteRPC" VALUE NUMERIC 0 
END ACTIONLISTOFF 
END POLICY 


End Category 
End Category 

[strings] 
WinXP="At least Windows XP Professional or Windows 2003 Server" 
ALLOW_TSMANAGER="Allow access from Terminal Services Manager" 
ALLOW_TSMANAGER_EXPLAIN="Allows administrators to use the Terminal 
Services Manager to remote control the user session." 

The correct ADM is: 
CLASS MACHINE 
CATEGORY "Windows Components" 
CATEGORY "Terminal Services" 
KEYNAME "System\CurrentControlSet\Control\Terminal Server" 

POLICY !!ALLOW_TSMANAGER 
#if version >= 4 
SUPPORTED !!WinXP 
#endif 
EXPLAIN !!ALLOW_TSMANAGER_EXPLAIN 
ACTIONLISTON 
VALUENAME "AllowRemoteRPC" VALUE NUMERIC 1 
END ACTIONLISTON 
ACTIONLISTOFF 
VALUENAME "AllowRemoteRPC" VALUE NUMERIC 0 
END ACTIONLISTOFF 
END POLICY 


End Category 
End Category 

[strings] 
WinXP="At least Windows XP Professional or Windows 2003 Server" 
ALLOW_TSMANAGER="Allow access from Terminal Services Manager" 
ALLOW_TSMANAGER_EXPLAIN="Allows administrators to use the Terminal 
Services Manager to remote control the user session." 













This is an e-mail from General Dynamics Land Systems. It is for the 
intended recipient only and may contain confidential and privileged 
information. No one else may read, print, store, copy, forward or act in 
reliance on it or its attachments. If you are not the intended recipient, 
please return this message to the sender and delete the message and any 
attachments from your computer. Your cooperation is appreciated. 



This is an e-mail from General Dynamics Land Systems. It is for the intended 
recipient only and may contain confidential and privileged information.  No one 
else may read, print, store, copy, forward or act in reliance on it or its 
attachments.  If you are not the intended recipient, please return this message 
to the sender and delete the message and any attachments from your computer. 
Your cooperation is appreciated.

• Follow-Ups:
  • [gptalk] Re: Delete a Custom ADM policy
    • From: Alan Cuthbertson

• References:
  • [gptalk] Re: Delete a Custom ADM policy
    • From: Alan Cuthbertson

Other related posts:

• » [gptalk] Delete a Custom ADM policy- tamerm
• » [gptalk] Re: Delete a Custom ADM policy- Alan Cuthbertson
• » [gptalk] Re: Delete a Custom ADM policy - tamerm
• » [gptalk] Re: Delete a Custom ADM policy- Alan Cuthbertson
• » [gptalk] Re: Delete a Custom ADM policy- tamerm
• » [gptalk] Re: Delete a Custom ADM policy- tamerm
• » [gptalk] Re: Delete a Custom ADM policy- Darren Mar-Elia
• » [gptalk] Re: Delete a Custom ADM policy- tamerm
• » [gptalk] Re: Delete a Custom ADM policy- Darren Mar-Elia
• » [gptalk] Re: Delete a Custom ADM policy- Alan Cuthbertson
• » [gptalk] Re: Delete a Custom ADM policy- tamerm
• » [gptalk] Re: Delete a Custom ADM policy- Alan Cuthbertson

1. Home
2. gptalk
3. Archive
4. 01-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---