Software restriction policies set in the registry don't update Local Group Policy
- by Jon Rhoades
The joys of a Samba domain... First off Domain Group policy can't be used until Samba 4 arrives.
We need to setup Software Restriction Policies (SRPs) on most of the computers in our Samba domain and I would dearly like to automate this. (We are moving away from just disabling the Windows installer). The traditional way is to set SRPs using Local Group Policy (LGP) Computer Conf-Windows Settings-SRP
but this involves visiting every machine as it can't be set using in NTConfig.pol.
It is possible to attempt to create the SRPs directly in the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{30628f61-eb47-4d87-823b-6683a09eda87}]
"LastModified"=hex(b):40,a2,94,09,b5,5d,ca,01
"Description"=""
"SaferFlags"=dword:00000000
"ItemData"="C:\\location\\subfolder"
SaferFlags DWORD seems to be what turns it on or off, but although this seems to work it does not update the Local Group Policy - SRPs still show as "No SRPs Defined".
Where does the LGP store this setting - is it even in the registry and more importantly - Is there a cleverer way of setting up SRPs?