Thursday, April 28, 2011

"Extra Registry Settings" GPOs

Recently went to add some trusted sites to an existing IE GPO on a Windows 2003 DC. Found the GPO and the sites already in there were listed in the Settings tab under "Computer Configuration\Administrative Templates\Extra Registry Settings".

However... when I went to EDIT that GPO there was no "Extra Registry Settings" under Computer Configuration\Administrative Templates. Looked all over and couldn't find it anywhere!

Eventually came upon this gem on MS Technet:
When searching for a given .adm file, GPMC will only use the first .adm file it finds in the listed search order. If there are policy settings in the GPO for which no .adm file can be found, these settings will be displayed in the report in a section called “Extra Registry Settings” which displays the registry keys and values for those settings.

Found a DC that was running Windows 2008 and tried editing the GPO and what do you know, the "Extra Registry Settings" were not there, but there was a looooong list of other settings, one being named "Policy: Site to Zone Assignment List" under "Computer Configuration\Admin Templates\Windows Components\Internet Control Panel\Security Page\". The existing trusted sites were in it so just added the new ones and did a gpupdate and was ready to go.
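
A check for a client after gpupdate, as an added example that is not part of the original post: it compares the sites expected in the "Site to Zone Assignment List" with what the policy actually wrote to the registry. The function name `Test-SiteToZonePolicy` and the sample sites are hypothetical; the key path is the computer-side location Windows uses for this policy, where each value name is a site and its data is the zone number.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
# Zone numbers used by the Site to Zone Assignment List policy.
$ZoneNames = @{ '1' = 'Intranet'; '2' = 'Trusted Sites'; '3' = 'Internet'; '4' = 'Restricted Sites' }

function Test-SiteToZonePolicy {
    param(
        [Parameter(Mandatory = $true)] [hashtable] $Expected,   # site -> zone number
        [string] $Path = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
    )

    # A missing key means the policy never reached this machine
    # (GPO not linked, filtered out, or gpupdate not yet run).
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Policy key not found: $Path"
        return
    }

    # Read every value under the key: name = site, data = zone number.
    $key = Get-Item -LiteralPath $Path
    $applied = @{}
    foreach ($name in $key.GetValueNames()) {
        $applied[$name] = [string]$key.GetValue($name)
    }

    # Expected sites: present with the right zone, present with another zone, or missing.
    foreach ($site in $Expected.Keys) {
        $want = [string]$Expected[$site]
        $have = $applied[$site]
        $status = if ($null -eq $have) { 'Missing' } elseif ($have -eq $want) { 'OK' } else { 'WrongZone' }
        [pscustomobject]@{ Site = $site; Expected = $ZoneNames[$want]; Applied = $ZoneNames[$have]; Status = $status }
    }

    # Sites delivered by policy that nobody listed as expected: worth reviewing,
    # since every Trusted Sites entry relaxes browser security for that site.
    foreach ($site in $applied.Keys) {
        if (-not $Expected.ContainsKey($site)) {
            [pscustomobject]@{ Site = $site; Expected = $null; Applied = $ZoneNames[$applied[$site]]; Status = 'Unexpected' }
        }
    }
}

# Constructed sample input: two sites expected in the Trusted Sites zone (2).
Test-SiteToZonePolicy -Expected @{
    'https://intranet.example.com' = 2
    '*.example.org'                = 2
} | Format-Table -AutoSize
```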

2 comments:

freebirdmani said...

Thanks for sharing Bob.

Nick said...

This helps me a lot. Thanks for sharing http://ernstashurovlaw.com