Mombu the Microsoft Forum

Go Back   Mombu the Microsoft Forum > Microsoft > Custom GPO - Default REG_SZ Value is duplicating
User Name
Password
REGISTER NOW! Mark Forums Read




Reply
1 30th October 14:39
steve
External User
 
Posts: 1
Default Custom GPO - Default REG_SZ Value is duplicating


Hi,

Basically I am trying to create a custom ADM that will add the following
Registry Key.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYSoesNotExist"

Here is what i have...

CLASS USER

CATEGORY !!My_Computer

POLICY !!Disable_Windows_Autorun_Policy
KEYNAME "Software\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\Autorun.inf"
EXPLAIN !!Disable_Windows_Autorun_Comments_Explain
VALUENAME ""
VALUEON !!Disable_Windows_Autorun_Value
VALUEOFF DELETE

END POLICY

END CATEGORY

The custom ADM almost works. Problem is when a new key is created
(Autorun.inf), it also creates a new string value with no value data. So
when I apply my custom GPO, a second new string value gets created and there
should only be one.

To get a better idea of what I am trying to accomplish, here are a few
links.

http://www.us-cert.gov/cas/techalerts/TA09-020A.html

http://www.cert.org/blogs/vuls/2008/...s_autorun.html

http://nick.brown.free.fr/blog/2007/...ry-stick-worms

Any help would be appreciated.

Steve
  Reply With Quote


 


2 30th October 14:39
steve
External User
 
Posts: 1
Default Custom GPO - Default REG_SZ Value is duplicating


Figured it out. For anybody else who might be interested, here is a working
ADM.

CLASS USER

CATEGORY !!My_Computer

POLICY !!Disable_Windows_Autorun_Policy
KEYNAME "Software\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\Autorun.inf"
EXPLAIN !!Disable_Windows_Autorun_Comments_Explain
VALUENAME ""
VALUEON !!Disable_Windows_Autorun_Value
VALUEOFF DELETE

END POLICY

END CATEGORY

[strings]
My_Computer="Company Specific"
Disable_Windows_Autorun_Policy="Disable Windows Autorun Policy"
Disable_Windows_Autorun_Comments_Explain="Enter the String Value
@="@SYSoesNotExist". This will disable windows autorun. This is also used
in addition to the Default Domain Policy - Computer Configuration\Admin
Templates\Windows Components\Turn Off Autoplay Policy."
Disable_Windows_Autorun_Value=@SYSoesNotExist
  Reply With Quote
3 30th October 14:39
florian frommherz [mvp]
External User
 
Posts: 1
Default Custom GPO - Default REG_SZ Value is duplicating

Steve,


Thanks for sharing. This will certainly help people out.

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
  Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode




Copyright © 2006 SmartyDevil.com - Dies Mies Jeschet Boenedoesef Douvema Enitemaus -
666