[gptalk] FW: Re: Usage of GPO_OPEN_LOAD_REGISTRY | GPO_OPEN_READ_ONLY flags

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 30 Aug 2006 08:03:49 -0700

Posting Thorbjorn's response to this since he's having some problems with
email.
 
 
  _____  

From: Thorbjörn Sjövold 
Sent: Tuesday, August 29, 2006 11:52 AM
To: 'gptalk@xxxxxxxxxxxxx'
Subject: RE: [gptalk] Re: Usage of GPO_OPEN_LOAD_REGISTRY |
GPO_OPEN_READ_ONLY flags


 
Darren, sorry for being only being a lurker your list and not a contributor
anymore :), but you have so many bright people here on the list nowadays. My
plan is to become an active contributor again in the future since this is
one of the top GP resources available?
 
Raghuramji,
 
IGroupPolicyObject is an old friend of mine; one must remember that Group
Policy has a legacy from the old NT 4 system policies, and that some of the
COM interfaces and APIs was created before Windows 2000. So in this case,
even if the parameter says GPO_OPEN_LOAD_REGISTRY, it really means that you
open the GPO in edit mode, regardless if you want to use the Registry.pol or
not. I have never encountered this problem, but it sounds like the newly
created GPC and GPT are not in sync, i.e. you have access to the GPC, but
the GPT is not there. 
* Are you passing an explicit DC in the pszDomainName parameter or are you
letting your system select? 
*After you create it as a read-only GPO, do you see both the GPC and the GPT
on the DC where you created it, if not does replication fix it after a
while? 
* Can you use the OpenDSGPO with GPO_OPEN_LOAD_REGISTRY on an existing GPO?
 
Best,
Thorbjörn Sjövold 
Special Operations Software 
www.specopssoft.com 
thorbjorn.sjovold a t specopssoft.com 

Downlad our free tool for remote Gpupdate with graphical reporting, 
http://www.specopssoft.com/products/specopsgpupdate/default.asp 

 
 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Monday, August 28, 2006 8:04 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Usage of GPO_OPEN_LOAD_REGISTRY | GPO_OPEN_READ_ONLY
flags


A quick Google search seems to deliver few good answers, but I found a code
snippet here: http://www.totalblowhole.com/new-823399-3604.html that seems
to show some successful code using this flag. Other than that, I haven't
spent enough time myself with this API to know for sure. Maybe Thorbjorn,
who lurks here occasionally, has some insight, since I think he looked at
this API a while back.

Darren
 


  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of ramji chandran
Sent: Monday, August 28, 2006 3:00 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Usage of GPO_OPEN_LOAD_REGISTRY | GPO_OPEN_READ_ONLY flags


Hi,

Can somebody explain the real usage of flags "GPO_OPEN_LOAD_REGISTRY" and
"GPO_OPEN_READ_ONLY" in the IGroupPolicy method "New"?

I've a particular condition where while trying to create a GPO
programmatically with the GPO_OPEN_LOAD_REGISTRY flag set it throws an error
of 0x80070003(The system cannot find the path specified).  This problem gets
solved if I use the flag "GPO_OPEN_READ_ONLY", but causes problem while
updating my CSE GUID during linking.  Kindly note I do not want to create
any ".pol" files that contains the registry entries. I've my configuration
data separately in a XML file generated under the SYSVOL.

Please advice me on the right usage of these flags and their purpose or any
pointers on this would be highly appreciated.

Thanks,
Raghuramji C.

Other related posts: