Tcs said:
In searching for a solution to my problem, I happened to come
across a couple of posts that referred to the registry being
"tattooed". Well, here, this is one of them:
So in effect Windows 2k and 2k3 server can tattoo the registry,
even though
it is not supposed to ...
Could someone please explain what is meant by this? I appreciate
it, thanks in advance,
If a group policy is applied to the workstations in the domain and then
removed - unless in a certain area - it may tattoo (not change back to the
original value) the value.
HKEY_LOCAL_MACHINE \SOFTWARE\policies (preferred location)
HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER \SOFTWARE\policies (preferred location)
HKEY_ CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\policies
Because all keys and values beneath these paths are erased before applying
the resultant registry policy settings. Policy settings that are stored in
these specific locations of the registry are known as true policies. Policy
settings stored in these approved registry locations, won't persist if the
policy is set to Not Configured, is unlinked, or the client moves out of the
scope of management. In other words, they won't tattoo the registry.
So - just as you learned when you started learning about group policies -
test in your test environment (adding and removing the policy if you think
that will ever happen) before making the change in the production
environment.
** Tattooing does not mean you cannot change the value using group policies
to something else - just that the particular value will not return to its
default setting on its own.
