By Thomas Manier – Posted Feb 24, 2012 5:30PM
I wanted to give a quick tutorial on how to change registry keys through group policy. This is documented in several places on the internet, but very few give a clear understanding of the steps you need to take to reach a quick solution. As a note, this will permanently add registry keys to computers. You can modify the values through group policy, but it will require extra work to remove any key created in this manner. Also, I’m not going to cover everything you can do with this feature of group policy (technically, it’s an entire scripting language), just how to push out registry keys to HKEY_CURRENT_USER.
1 – You will need to create an .adm file in Notepad with the following format:
    CLASS USER
    CATEGORY !!Name
        POLICY !!Name
            EXPLAIN !!Explanation
            KEYNAME "Key directory"
            VALUENAME "Key name"
            VALUEON "key value when active"
            VALUEOFF "key value when inactive"
        END POLICY
    END CATEGORY

    [strings]
    Name="Custom name"
    Explanation="Custom Explanation"
If you want to adhere to standards, the file name should be all lower case and the file should be saved in the %SystemRoot%\inf directory.
The “key directory” will be the directory in HKEY_CURRENT_USER that will be used. The “key name” will be the actual key that will be modified, and the two values will be the DWORD or String that will be stored in the key when the group policy is on or off. The “Custom name” and “Custom Explanation” are strings that can be modified to show in GPEDIT what is actually happening in this group policy. Below is an example of how to set a registry key to add www.advanceddns.com to the trusted sites section of Internet Explorer (i.e. add the key “www” to “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\advanceddns.com” with the value of “2” when active and “0” when inactive).
    CLASS USER
    CATEGORY !!Name
        POLICY !!Name
            EXPLAIN !!Explanation
            KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\advanceddns.com"
            VALUENAME "www"
            VALUEON "2"
            VALUEOFF "0"
        END POLICY
    END CATEGORY

    [strings]
    Name="Advanced Data Trusted Sites"
    Explanation="Add www.advanceddns.com website to trusted sites"
2 – Next we need to add the template to Group Policy Object Editor. Open up group policy and edit the policy that you would like to incorporate this change into. Expand “User Configuration” and right click on “Administrative Templates.” Click “Add/Remove Templates…” In the window that appears, press the button labeled “Add…” Navigate to the directory that the ADM file was saved in and open the policy. Press “Close.”
3 – Next ensure that “Administrative Templates” is highlighted and press “View” and then “Filtering.” Uncheck the box for “Only show policy settings that can be fully managed” and press “OK.” When you expand the “Administrative Templates” section you should now see the new policy.
4 – Apply the group policy to a group of users.
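To confirm on a client what the template from step 1 actually wrote, the following read-only PowerShell audit lists every per-user ZoneMap entry with its value name, registry type and zone. It is an added example, not part of the original post; the function name Get-ZoneMapEntry and the Review column are illustrative choices.

```powershell
# Added example (not from the original post). Read-only: run as the targeted
# user after "gpupdate /force" or the next logon to see what the template wrote.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

# Standard Internet Explorer security zone IDs.
$zoneNames = @{
    0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
    3 = 'Internet';    4 = 'Restricted sites'
}

function Get-ZoneMapEntry {
    param([string]$Root = $base)

    if (-not (Test-Path -LiteralPath $Root)) { return }

    # Walk every domain and subdomain key below ZoneMap\Domains.
    foreach ($key in Get-ChildItem -LiteralPath $Root -Recurse) {
        foreach ($name in $key.GetValueNames()) {
            $data = $key.GetValue($name)
            $kind = $key.GetValueKind($name)

            # Map the stored data to a zone name; string data such as "2" is parsed too.
            $zoneId = 0
            $zone = if ([int]::TryParse("$data", [ref]$zoneId) -and $zoneNames.ContainsKey($zoneId)) {
                $zoneNames[$zoneId]
            } else { 'unknown' }

            [pscustomobject]@{
                Key    = $key.Name -replace '^.*\\ZoneMap\\Domains\\', ''
                Value  = $name
                Kind   = $kind
                Data   = $data
                Zone   = $zone
                # IE stores zone mappings as REG_DWORD values; flag anything else.
                Review = ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) -or ($zone -eq 'unknown')
            }
        }
    }
}

Get-ZoneMapEntry | Sort-Object Key, Value | Format-Table -AutoSize
```

Because these keys stay in place after the policy is unlinked, the same listing is useful for finding leftover entries on machines that were once in scope.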