Software restriction policies set in the registry don't update Local Group Policy
Posted
by Jon Rhoades
on Server Fault
See other posts from Server Fault
or by Jon Rhoades
Published on 2010-03-14T22:21:41Z
Indexed on
2010/03/14
22:25 UTC
Read the original article
Hit count: 633
The joys of a Samba domain... First off Domain Group policy can't be used until Samba 4 arrives.
We need to setup Software Restriction Policies (SRPs) on most of the computers in our Samba domain and I would dearly like to automate this. (We are moving away from just disabling the Windows installer). The traditional way is to set SRPs using Local Group Policy (LGP) Computer Conf->Windows Settings->SRP but this involves visiting every machine as it can't be set using in NTConfig.pol.
It is possible to attempt to create the SRPs directly in the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{30628f61-eb47-4d87-823b-6683a09eda87}]
"LastModified"=hex(b):40,a2,94,09,b5,5d,ca,01
"Description"=""
"SaferFlags"=dword:00000000
"ItemData"="C:\\location\\subfolder"
SaferFlags DWORD seems to be what turns it on or off, but although this seems to work it does not update the Local Group Policy - SRPs still show as "No SRPs Defined".
Where does the LGP store this setting - is it even in the registry and more importantly - Is there a cleverer way of setting up SRPs?
© Server Fault or respective owner