Re: Registry settings management for 16 computers through Group Po
- From: "Tariq Ziad" <TariqZiad@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 15 Aug 2005 04:30:01 -0700
Dear Darren,
I ma still wating for your reply :)
Please see the following ADM templete that I have created:
-----------------------------------------------------------
#if version <= 2
#endif
CLASS MACHINE
CATEGORY !!AutoLogon
POLICY !!AutoLogonCfg
KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
#if version >= 4
SUPPORTED !!SUPPORTED_Window2000
#endif
#if version >= 3
EXPLAIN !!AutoLogonCfg_Help
#endif
VALUENAME "AutoAdminLogon"
VALUEON "1"
VALUEOFF "0"
PART !!DomainName EDITTEXT REQUIRED
VALUENAME "DefaultDomainName"
END PART
PART !!UserName EDITTEXT REQUIRED
VALUENAME "DefaultUserName"
END PART
PART !!Password EDITTEXT REQUIRED
VALUENAME "DefaultPassword"
END PART
END POLICY
END CATEGORY ;; AutoLogon
[strings]
testing="test policy"
AutoLogon="Automatic User logon"
SUPPORTED_Window2000="Windows 2000, XP "
AutoLogonCfg="Configure Automatic user logon"
AutoLogonCfg_Help="Specifies whether this computer will have default user
logon.\n\nThis setting lets you specify if automatic logon is enabled on this
computer. If the service is enabled, you must choose the Domain Name, the
User Name, and the Password.\n\n"
DomainName="Please enter your domain name: "
UserName="Please enter the user name: "
Password="Please enter the password: "
------------------------------------------------------
This ADM fiel is working fine. The problem now is that this is not a real
policy templete. It is changing the registry preferneces.
To be a real policy, the key needs to be located under Approved Registry Key
Locations for Group Policy Settings:
HKLM\Software\Policies
OR
HKLM\Software\Microsoft\WIndows\CurrentVersion\Policies
I tried changing the key name to the following key name (KEYNAME
"SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon").
The registry values were created as per this ADM templete when enabling it
but this policy was not applied.
Could you advise me what should the registry key name be so that these
settings would appear in the registry as a policy? Or is there some changes
other than the key name that I am not aware of??
Also, is there any other way to change these settings for 16 Pcs without
storing this default account password in the registry.
Your reply on this reply and the previous reply dayed Aug, 12th would be
appreciated.
"Darren Mar-Elia" wrote:
> Tariq-
> To do this you need to create a custom ADM file for your 3 registry entries.
> Information on doing this can be found at
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx.
> To answer your questions below,
>
> 1. I don't know of a way to instantly lock the computer after the user logs
> on. There are a couple of things you could try. For example, you use GP to
> set the screensaver to a small interval (1 min) and then enable it to be
> password protected. Alternatively you could try creating a logon script
> within GP that runs the following command, which emulates pressing
> CTRL-ALT-DEL-LockWorkstation
>
> RUNDLL32.exe user32.dll, LockWorkStation
>
> 2. Unfortunately, you cannot obfuscate the password in the registry, which
> is probably the biggest downside to using autoadminlogon
>
> 3. Once you have the custom ADM for these 3 reg entries loaded into a GPO,
> you can continue to modify the password value using that GPO.
>
> --
> Darren Mar-Elia
> MS-MVP-Windows Server--Group Policy
> Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub:
> FAQs, Whitepapers and Utilities for all things Group Policy-related
> Just Released! The new Windows Group Policy Guide from Microsoft Press!!!
> Check it out at http://www.microsoft.com/mspress/books/8763.asp
>
>
> "Tariq Ziad" <TariqZiad@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:308BA1DA-54E4-4EA6-8B53-19DC99DC2A93@xxxxxxxxxxxxxxxx
> > Dear all,
> >
> > I have 16 PC that need a default logon of sertain account to them. I have
> > searched for the solution and found out that need to configure three
> > registry
> > keys as follows:
> >
> >
> > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
> > "AutoAdminLogon"="1"
> > "DefaultUserName"="username"
> > "DefaultPassword"="password"
> >
> >
> > The point now is that:
> > 1) I need to distripute these registry settings to 16 PCs using group
> > policy. Also, I need these PCs to be automatically locked once the PC is
> > turned on, and the default user has logged on automatically (same as LOCK
> > COMPUTER option when pressing ALT+CTRL+DEL)
> > 2) Is there a way to make the password unreadable in the registry?
> > 3) Suppose this default user paasword was changed, is there a way to
> > change
> > it automatically for these 16 PCs Or I mean is there a way to change it
> > automatically in the group policy that we will use to set the default user
> > and default password (because I am not that default user, and he might
> > change
> > the password)
> >
> > Your reply would be appriciated
>
>
>
.
- References:
- Registry settings management for 16 computers through Group Policy
- From: Tariq Ziad
- Re: Registry settings management for 16 computers through Group Policy
- From: Darren Mar-Elia
- Registry settings management for 16 computers through Group Policy
- Prev by Date: ADM templete for autologon
- Next by Date: Help with local adming rights on workstations
- Previous by thread: Re: Registry settings management for 16 computers through Group Po
- Next by thread: XP SP2 Firewall
- Index(es):
Relevant Pages
|
