6

Recently I have added registry keys in active directory and I need to push them via group policy instead of going to each PC to apply the new ones.
How can I push new registry keys (not modify existing ones) via group policy?

Note: I'm using Windows Server 2003 64 bit and my clients are running Windows XP Professional.

Massimo
  • 68,714
  • 56
  • 196
  • 319
AAA-Super
  • 133
  • 1
  • 2
  • 9

4 Answers4

7

There is no built-in feature in Windows Server 2003 GPOs to configure custom Registry keys.

You can either use a startup/logon script to import a .REG file, or create a custom administrative template which will act on the keys you need to modify.

Massimo
  • 68,714
  • 56
  • 196
  • 319
  • Massimo could you please read down what I faced the problem! and how can I create a custom administrative template?Thanks – AAA-Super Aug 05 '11 at 13:16
3

I solved but I didn't understand how it works!.I have windows 7 pro and I have installed administrative tools of 2008 in group policy management I created new policy so inside group policy management of windows 2008 there are new features for registry Computer Configuration --> Preferences --> Windows setting --> Registry from there you can push new policies but don't ask how I can use this feature and my windows server is 2003! if any one can explain to me?

AAA-Super
  • 133
  • 1
  • 2
  • 9
  • 1
    You're using something called Group Policy Preferences (GPP) which is an extension to regular Group Policy. Your target computers will only receive the settings if they have the GPP update installed. http://www.microsoft.com/download/en/details.aspx?id=24449 – Nic Aug 11 '11 at 07:06
2

Add this to your netlogon folder then create a logon gpo to run the batch. Change the registry key and location and name of file to whatever you call them.

REG QUERY hkcu\software\microsoft\windows\currentversion\run /v restart_sticky_notes
IF %errorlevel%==0 GOTO skip_reg_inport
regedit.exe /s \\server\registry_folder\regfile.reg
:skip_reg_inport
Nixphoe
  • 4,524
  • 7
  • 32
  • 51
  • Well it seems i have another problem why i didn't see netlogon? in this case what is have to do? thanks for your help – AAA-Super Aug 05 '11 at 13:53
  • The netlogon folder is on any of your domain controllers default share. If you're missing that, that's a whole other issue and would be best addressed in another question. You basicly want to drop your script and your .reg file into a shared folder so all of your workstations can access it. Then make sure to point to those locations in your GPO logon script, and the regedit import. – Nixphoe Aug 05 '11 at 14:01
  • 1
    So I have to write another question to explain where netlogon share folder disappeared.Thanks alot for your support and i will come back later – AAA-Super Aug 05 '11 at 15:08
0

What I would do (Personal Experience only) is the following:

Export the registry settings. Log On / Log Off user settings for each user. Under the logon node we use a regsomething.exe which calls the registry file with a silent switch in front.

Use a famous button called show files, and then drop the editreg.reg fil into sysvol.

Voila.

Good luck have fun!

Maclovin
  • 249
  • 1
  • 2
  • 11
  • Thanks Maclovin but I had weird message after I put the key inside show files of user configuration it ask the user for apply the key and if the user press yes message said cannot (import......error accessing the registry) it's normal because they have user rights and users not authorized to change something. It's possible to make silent applying? – AAA-Super Aug 05 '11 at 12:56
  • But the way i didn't understand what you said about regsomething.exe? – AAA-Super Aug 05 '11 at 12:57