26 November, 2010

How to Create Custom Group Policy using Reg2Adm

Group Polices are an Interface that allow you to make modifications in Registry. Whatever change you make in a Group Policy is mapped to a Registry Location

Not all the registry settings has a group Policy Setting defined for them. We can although create custom GPO which can map to specific registry location according to the need

The tool to create custom group policy is "Reg2adm". Please note that this is not a Microsoft Tool and is a 3rd Party tool

To download the tool, just type "download reg2ad nuts". There are different versions of Reg2adm tool available, but we will be using the one which is available in Nuts. Nuts is a package that contains certain tools out of which reg2adm is one of them.

Download Nuts.Exe

Once you install Nuts.Exe, you can see Reg2adm in C:\Program Files\Nuts

Here, as an example, we want to deploy a registry key "MaxPacketSize" to our few Windows XP Client Machine and wants to use a Group Policy for the same. Since we do not have any group policy be default for this key "MaxPacketSize", so we will create a group policy using Re2adm

For that, we need to first create this key manually on one machine

Once the key is created, we need to export the key or the sub key under which this registry key has been created

Save the exported key as .Reg

Now open Reg2adm tool

Import that saved .Reg file into the Reg2adm tool

Depending upon whether you have exported a key or a sub key, all the registry settings will be displayed in the tool

The important part now begins. We just need that piece of data for which we are creating the Group Policy i.e "MaxPacketSize". Although there is no harm in having more data but that will only create confusion. So we need to remove all the rest of the data except for "MaxPacketSize"

If you have learnt programming, then you will be aware of the fact that in programming everything has a start and an identical end, for Example, <HTML> </HTML>

Similarly we need to have the following

Make sure you have at least these 3 lines and rest you can delete

Now save this file as .adm

Open the Group Policy where you want to apply this Group Policy

The part of a GPO that maps to the Registry is an "Administrative Template". Since we have created the key in HKey_Local_Machine, hence this will be a computer policy and will be applied under the administrative templates of computer configuration of a GPO

Select the "Administrative Template" and select "Add/Remove Template" and select the .adm file created above

It is important to remember the fact that by default the Registry location will get displayed once you add the adm but the setting will not be displayed

For this you have to select View -> Filtering

Uncheck the option "Only show policies that can be fully Managed" as the policy that we have created is not fully managed while the policies in the administrative templates are full managed

Full Managed are those which when removed the corresponding setting from the registry also get removed automatically. The settings in the registry does not get STICK when the corresponding policy is removed. Where in if a policy is not fully managed, then once the policy is applied and then removed, the settings will still persist in the Registry

In this example, by default the "MaxPacketSize" registry key does not exist. When we will apply this group policy, it will create the key. But since these are not fully managed, when we will remove this group policy, it will NOT delete the key automatically from the registry.

Now we can see the "MaxPacketSize" group policy setting

Lets for testing purpose, delete the key. This time it should get created using the group policy

Enable the setting and set the value as 1

Run gpupdate /force and check if the registry setting got created for "MaxPacketSize"

Wow.... Its here.....