Software restriction policies set in the registry don't update Local Group Policy

Posted by Jon Rhoades on Server Fault
Published on 2010-03-14T22:21:41Z Indexed on 2010/03/14 22:25 UTC

The joys of a Samba domain... First off, Domain Group Policy can't be used until Samba 4 arrives.

We need to set up Software Restriction Policies (SRPs) on most of the computers in our Samba domain and I would dearly like to automate this. (We are moving away from just disabling the Windows installer.) The traditional way is to set SRPs using Local Group Policy (LGP) under Computer Conf->Windows Settings->SRP, but this involves visiting every machine, as it can't be set using NTConfig.pol.

It is possible to attempt to create the SRPs directly in the registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{30628f61-eb47-4d87-823b-6683a09eda87}]
"LastModified"=hex(b):40,a2,94,09,b5,5d,ca,01
"Description"=""
"SaferFlags"=dword:00000000
"ItemData"="C:\\location\\subfolder"

The SaferFlags DWORD seems to be what turns it on or off, but although this seems to work, it does not update the Local Group Policy - SRPs still show as "No SRPs Defined".

Where does the LGP store this setting - is it even in the registry - and, more importantly, is there a cleverer way of setting up SRPs?
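
For auditing rules written directly under the Safer key, the fragment quoted in the question can be decoded offline. This is an added example, not part of the original post: the function names are hypothetical, the level names come from the SAFER_LEVELID_* constants in the Windows SDK header winsafer.h, and reading the LastModified QWORD as a FILETIME is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the .reg fragment quoted in the question above.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{30628f61-eb47-4d87-823b-6683a09eda87}]
"LastModified"=hex(b):40,a2,94,09,b5,5d,ca,01
"Description"=""
"SaferFlags"=dword:00000000
"ItemData"="C:\\location\\subfolder"
'''

# SAFER_LEVELID_* values from winsafer.h, with the names the SRP snap-in shows.
LEVELS = {0x00000: "Disallowed", 0x01000: "Untrusted", 0x10000: "Constrained",
          0x20000: "Basic User", 0x40000: "Unrestricted"}
# ...\Safer\CodeIdentifiers\<level id>\<rule kind>\{rule GUID}
KEY_RE = re.compile(r"^\[.*\\Safer\\CodeIdentifiers\\(?P<level>\d+)"
                    r"\\(?P<kind>\w+)\\(?P<guid>\{[0-9a-fA-F-]+\})\]$", re.I)
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_value(raw):
    """Decode one .reg value: quoted string, dword, or hex(b) (REG_QWORD)."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo .reg backslash escaping
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(b):"):  # eight bytes, little-endian
        return int.from_bytes(bytes.fromhex(raw[7:].replace(",", "")), "little")
    raise ValueError(f"unsupported value type: {raw!r}")

def parse_rules(text):
    """Return one dict per SRP rule key found in .reg-formatted text."""
    rules, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            level = int(m["level"])
            cur = {"level_id": level, "level": LEVELS.get(level, "unknown"),
                   "kind": m["kind"], "guid": m["guid"]}
            rules.append(cur)
        elif line.startswith("["):
            cur = None  # a key outside CodeIdentifiers: skip its values
        elif cur is not None and "=" in line:
            name, raw = line.split("=", 1)
            cur[name.strip('"')] = parse_value(raw)
    for r in rules:
        if "LastModified" in r:  # assumption: FILETIME, 100 ns ticks since 1601 UTC
            r["modified_utc"] = FILETIME_EPOCH + timedelta(microseconds=r["LastModified"] // 10)
    return rules
```

Run over the question's fragment, this reports a Paths rule at level 262144 (0x40000, Unrestricted) for C:\location\subfolder, with a LastModified that decodes to 2009-11-05 01:12:26 UTC.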

© Server Fault or respective owner