Software restriction policies set in the registry don't update Local Group Policy

Posted by Jon Rhoades on Server Fault See other posts from Server Fault or by Jon Rhoades
Published on 2010-03-14T22:21:41Z Indexed on 2010/03/14 22:25 UTC
Read the original article Hit count: 633

Filed under:
|
|
|
|

The joys of a Samba domain... First off Domain Group policy can't be used until Samba 4 arrives.

We need to setup Software Restriction Policies (SRPs) on most of the computers in our Samba domain and I would dearly like to automate this. (We are moving away from just disabling the Windows installer). The traditional way is to set SRPs using Local Group Policy (LGP) Computer Conf->Windows Settings->SRP but this involves visiting every machine as it can't be set using in NTConfig.pol.

It is possible to attempt to create the SRPs directly in the registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{30628f61-eb47-4d87-823b-6683a09eda87}]
"LastModified"=hex(b):40,a2,94,09,b5,5d,ca,01
"Description"=""
"SaferFlags"=dword:00000000
"ItemData"="C:\\location\\subfolder"

SaferFlags DWORD seems to be what turns it on or off, but although this seems to work it does not update the Local Group Policy - SRPs still show as "No SRPs Defined".

Where does the LGP store this setting - is it even in the registry and more importantly - Is there a cleverer way of setting up SRPs?

© Server Fault or respective owner

Related posts about XP

Related posts about group-policy