[gptalk] Re: Disadvantages of Tattooing.

  • From: "Alan & Margaret" <syspro@xxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Sat, 5 Jan 2008 07:43:43 +1100

Just a couple of minor points. 


While Jamie is correct in that you need another policy to undo the setting,
the really annoying problem is that you can never get back to what the user
originally had. When the policy is first applied it destroys the original
setting. The use of the POLICY keys as described by Darren's link, means
that the original user settings are still maintained, so removing these
Policy keys will reenable what the user had in the non-policy key.


The statement in Darren's link "the first thing that Windows does is remove
all registry values under our 4 magic keys" oversimplifies the process
slightly. Group Policy processing only deletes the entries that were placed
there via Group Policy. If you manually create an entry under these "Magic
keys" by some other method, it will stay there. This can be a good thing, or
a bad thing. The list of entries to be removed from the user's registry is
kept in a file called ntuser.pol in the users profile. This is why (as
discussed earlier in this group) you get in trouble if your default policy
has a version of ntuser.pol which is not consistent with the registry in the
default profile.     


Alan Cuthbertson



 Policy Management Software:-



ADM Template Editor:-



Policy Log Reporter(Free)







From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Saturday, 5 January 2008 1:50 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Disadvantages of Tattooing.


Couldn't have said it better. You can take at look at this page on my site
that I wrote a while ago, which explains the mechanics of it, if you're
interested: http://www.gpoguy.com/faqs/tattoo.htm.


BTW, as a humorous aside, when us GP MVPs were last up in Redmond the GP
team asked us about the word "Preferences" and what they meant to us. Most
of us, of course, responded that they were tattooing policy values because
that's what they've been called forever. But enough folks didn't say that
they decided to give the "Group Policy Preferences" name to the upcoming
DesktopStandard PolicyMaker product. I thought (and still think) its
confusing because Preferences == Tattooing but I guess I'm not in marketing.




From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Nelson, Jamie R
Sent: Friday, January 04, 2008 6:44 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Disadvantages of Tattooing.


Well, when a preference is tattooed in the registry you can't undo it by
simply unlinking the policy. You would have to enforce that setting's
opposite value via another GPO.


It can be quite a pain in larger, more complex environments. However, when a
policy based setting does not exist, it may often times be your only option.



Jamie Nelson


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Nidhi Garg
Sent: Friday, January 04, 2008 2:35 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Disadvantages of Tattooing.



Wanted to know about disadvantages of Tattooing of registry based group

How can it affect the policy affect ?





This e-mail may contain identifiable health information that is subject to
protection under state and federal law. This information is intended to be
for the use of the individual named above. If you are not the intended
recipient, be aware that any disclosure, copying, distribution or use of the
contents of this information is prohibited and may be punishable by law. If
you have received this electronic transmission in error, please notify us
immediately by electronic mail (reply).

Other related posts: