Using GP to Change Registry Settings

[Robert]

I am trying to trust a code signed certificate so that
uses are not prompted when opening Word documents with
VBA Code (macros) embedded. I have succesfully created
a .reg file that enters the certificate information as a
binary entry in the registry at
[HKEY_CURRENT_USER\Software\Microsoft\VBA\Trusted]. Is it
possible to write an adm file and use Group Policy to
push this out to all users? Anyone have a good source for
writing adm files? Is there another easier way to do
this? Thanks

Robert

 

[Derek Melber [MVP]]

Try these:

Advanced topic: Creating custom .adm files:
http://www.microsoft.com/windows200...00/en/professional/help/sag_SPconcepts_34.htm

To add or remove an Administrative Template (.adm file):
http://www.microsoft.com/windows200...0/en/professional/help/gptext_addtemplate.htm

 

[Guest]

Derek,
I appreciate the answer. Looking at the first topic
it seems to be geared towards string entries. I do not
see any references to the binary type. I wish there was
some examples and MS made this easier. Based on this
documentation, I do not think I can write the adm file.
Do you know of any source with more examples?

thanks

Robert

-----Original Message-----
Try these:

Advanced topic: Creating custom .adm files:
http://www.microsoft.com/windows2000/en/professional/help /default.asp?
url=/WINDOWS2000/en/professional/help/sag_SPconcepts_34.ht
m

To add or remove an Administrative Template (.adm file):
http://www.microsoft.com/windows2000/en/professional/help /default.asp?
url=/WINDOWS2000/en/professional/help/gptext_addtemplate.h
tm


--
Derek Melber
BrainCore.Net
(e-mail address removed)

I am trying to trust a code signed certificate so that
uses are not prompted when opening Word documents with
VBA Code (macros) embedded. I have succesfully created
a .reg file that enters the certificate information as a
binary entry in the registry at
[HKEY_CURRENT_USER\Software\Microsoft\VBA\Trusted]. Is it
possible to write an adm file and use Group Policy to
push this out to all users? Anyone have a good source for
writing adm files? Is there another easier way to do
this? Thanks

Robert

.

 

[Derek Melber [MVP]]

Your best bet for samples is to use the default ADM templates. Just search
in the INF folder of your DC or client computer. the system.adm is about the
longest one.

What is the value data you need to input for the Registry value?

--
Derek Melber
BrainCore.Net
(e-mail address removed)

Derek,
I appreciate the answer. Looking at the first topic
it seems to be geared towards string entries. I do not
see any references to the binary type. I wish there was
some examples and MS made this easier. Based on this
documentation, I do not think I can write the adm file.
Do you know of any source with more examples?

thanks

Robert

-----Original Message-----
Try these:

Advanced topic: Creating custom .adm files:
http://www.microsoft.com/windows2000/en/professional/help /default.asp?
url=/WINDOWS2000/en/professional/help/sag_SPconcepts_34.ht
m

To add or remove an Administrative Template (.adm file):
http://www.microsoft.com/windows2000/en/professional/help /default.asp?
url=/WINDOWS2000/en/professional/help/gptext_addtemplate.h
tm


--
Derek Melber
BrainCore.Net
(e-mail address removed)

I am trying to trust a code signed certificate so that
uses are not prompted when opening Word documents with
VBA Code (macros) embedded. I have succesfully created
a .reg file that enters the certificate information as a
binary entry in the registry at
[HKEY_CURRENT_USER\Software\Microsoft\VBA\Trusted]. Is it
possible to write an adm file and use Group Policy to
push this out to all users? Anyone have a good source for
writing adm files? Is there another easier way to do
this? Thanks

Robert

.

 

[Robert]

Derek,
Thanks for the advice. I have tried the office 2000
Resource Kit and looked at the Word9.adm file which you
think would be close. I failed miserably. There is no
binary data in it. I guess it is beyond my abilitiies. I
will take a look at the system.adm file tonight.

The data is hex/binary data. The document at
http://www.microsoft.com/technet/prodtechnol/office/office
2000/maintain/security/o2ksec.mspx#XSLTsection124121120120
explains it. Here is the contents of the .reg file that
does the same thing except i changed the data being
extremely paranoid:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\VBA\Trusted]
"User, Robert
M."=hex:34,3d,b7,e2,5a,24,64,f3,95,41,2c,4d,7e,32,44,55,66
,\
77,88,99

Thanks

Robert

-----Original Message-----
Your best bet for samples is to use the default ADM templates. Just search
in the INF folder of your DC or client computer. the system.adm is about the
longest one.

What is the value data you need to input for the Registry value?

--
Derek Melber
BrainCore.Net
(e-mail address removed)

Derek,
I appreciate the answer. Looking at the first topic
it seems to be geared towards string entries. I do not
see any references to the binary type. I wish there was
some examples and MS made this easier. Based on this
documentation, I do not think I can write the adm file.
Do you know of any source with more examples?

thanks

Robert

-----Original Message-----
Try these:

Advanced topic: Creating custom .adm files:

http://www.microsoft.com/windows2000/en/professional/help
/default.asp?
url=/WINDOWS2000/en/professional/help/sag_SPconcepts_34.ht
m

To add or remove an Administrative Template (.adm

file):
http://www.microsoft.com/windows2000/en/professional/help
/default.asp?
url=/WINDOWS2000/en/professional/help/gptext_addtemplate.h
tm

--
Derek Melber
BrainCore.Net
(e-mail address removed)
"Robert" <[email protected]> wrote

in
message

I am trying to trust a code signed certificate so that
uses are not prompted when opening Word documents with
VBA Code (macros) embedded. I have succesfully created
a .reg file that enters the certificate information

as
a

binary entry in the registry at
[HKEY_CURRENT_USER\Software\Microsoft\VBA\Trusted].

Is
it

possible to write an adm file and use Group Policy to
push this out to all users? Anyone have a good

source
for

writing adm files? Is there another easier way to do
this? Thanks

Robert


.

.

 

[Derek Melber [MVP]]

have you considered customizing the sceregvl.inf file? This updates the
security portion of he GPO.

--
Derek Melber
BrainCore.Net
(e-mail address removed)

Derek,
Thanks for the advice. I have tried the office 2000
Resource Kit and looked at the Word9.adm file which you
think would be close. I failed miserably. There is no
binary data in it. I guess it is beyond my abilitiies. I
will take a look at the system.adm file tonight.

The data is hex/binary data. The document at
http://www.microsoft.com/technet/prodtechnol/office/office
2000/maintain/security/o2ksec.mspx#XSLTsection124121120120
explains it. Here is the contents of the .reg file that
does the same thing except i changed the data being
extremely paranoid:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\VBA\Trusted]
"User, Robert
M."=hex:34,3d,b7,e2,5a,24,64,f3,95,41,2c,4d,7e,32,44,55,66
,\
77,88,99

Thanks

Robert

-----Original Message-----
Your best bet for samples is to use the default ADM templates. Just search
in the INF folder of your DC or client computer. the system.adm is about the
longest one.

What is the value data you need to input for the Registry value?

--
Derek Melber
BrainCore.Net
(e-mail address removed)

Derek,
I appreciate the answer. Looking at the first topic
it seems to be geared towards string entries. I do not
see any references to the binary type. I wish there was
some examples and MS made this easier. Based on this
documentation, I do not think I can write the adm file.
Do you know of any source with more examples?

thanks

Robert

-----Original Message-----
Try these:

Advanced topic: Creating custom .adm files:
http://www.microsoft.com/windows2000/en/professional/help
/default.asp?
url=/WINDOWS2000/en/professional/help/sag_SPconcepts_34.ht
m

To add or remove an Administrative Template (.adm file):
http://www.microsoft.com/windows2000/en/professional/help
/default.asp?
url=/WINDOWS2000/en/professional/help/gptext_addtemplate.h
tm


--
Derek Melber
BrainCore.Net
(e-mail address removed)
message
I am trying to trust a code signed certificate so that
uses are not prompted when opening Word documents with
VBA Code (macros) embedded. I have succesfully created
a .reg file that enters the certificate information as
a
binary entry in the registry at
[HKEY_CURRENT_USER\Software\Microsoft\VBA\Trusted]. Is
it
possible to write an adm file and use Group Policy to
push this out to all users? Anyone have a good source
for
writing adm files? Is there another easier way to do
this? Thanks

Robert


.

.

 

[Robert]

Derek,
Thansk for the suggestion. I will try it on my PC.
After I change it then what do i have to do?

Robert

-----Original Message-----
have you considered customizing the sceregvl.inf file? This updates the
security portion of he GPO.

--
Derek Melber
BrainCore.Net
(e-mail address removed)

Derek,
Thanks for the advice. I have tried the office 2000
Resource Kit and looked at the Word9.adm file which you
think would be close. I failed miserably. There is no
binary data in it. I guess it is beyond my abilitiies. I
will take a look at the system.adm file tonight.

The data is hex/binary data. The document at
http://www.microsoft.com/technet/prodtechnol/office/office
2000/maintain/security/o2ksec.mspx#XSLTsection124121120120
explains it. Here is the contents of the .reg file that
does the same thing except i changed the data being
extremely paranoid:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\VBA\Trusted]
"User, Robert
M."=hex:34,3d,b7,e2,5a,24,64,f3,95,41,2c,4d,7e,32,44,55,66
,\
77,88,99

Thanks

Robert

-----Original Message-----
Your best bet for samples is to use the default ADM templates. Just search
in the INF folder of your DC or client computer. the system.adm is about the
longest one.

What is the value data you need to input for the Registry value?

--
Derek Melber
BrainCore.Net
(e-mail address removed)
Derek,
I appreciate the answer. Looking at the first topic
it seems to be geared towards string entries. I do not
see any references to the binary type. I wish there was
some examples and MS made this easier. Based on this
documentation, I do not think I can write the adm file.
Do you know of any source with more examples?

thanks

Robert

-----Original Message-----
Try these:

Advanced topic: Creating custom .adm files:

http://www.microsoft.com/windows2000/en/professional/help

/default.asp?

url=/WINDOWS2000/en/professional/help/sag_SPconcepts_34.ht

m

To add or remove an Administrative Template (.adm file):

http://www.microsoft.com/windows2000/en/professional/help

/default.asp?

url=/WINDOWS2000/en/professional/help/gptext_addtemplate.h

tm


--
Derek Melber
BrainCore.Net
(e-mail address removed)
"Robert" <[email protected]>

wrote
in

message
I am trying to trust a code signed certificate so that
uses are not prompted when opening Word documents with
VBA Code (macros) embedded. I have succesfully created
a .reg file that enters the certificate

information
as

a
binary entry in the registry at

[HKEY_CURRENT_USER\Software\Microsoft\VBA\Trusted].
Is

it
possible to write an adm file and use Group

Policy
to

push this out to all users? Anyone have a good source
for
writing adm files? Is there another easier way to do
this? Thanks

Robert


.



.

.

 

[Derek Melber [MVP]]

I think this will be all you need:

http://support.microsoft.com/?kbid=214752

--
Derek Melber
BrainCore.Net
(e-mail address removed)

Derek,
Thansk for the suggestion. I will try it on my PC.
After I change it then what do i have to do?

Robert

-----Original Message-----
have you considered customizing the sceregvl.inf file? This updates the
security portion of he GPO.

--
Derek Melber
BrainCore.Net
(e-mail address removed)

Derek,
Thanks for the advice. I have tried the office 2000
Resource Kit and looked at the Word9.adm file which you
think would be close. I failed miserably. There is no
binary data in it. I guess it is beyond my abilitiies. I
will take a look at the system.adm file tonight.

The data is hex/binary data. The document at
http://www.microsoft.com/technet/prodtechnol/office/office
2000/maintain/security/o2ksec.mspx#XSLTsection124121120120
explains it. Here is the contents of the .reg file that
does the same thing except i changed the data being
extremely paranoid:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\VBA\Trusted]
"User, Robert
M."=hex:34,3d,b7,e2,5a,24,64,f3,95,41,2c,4d,7e,32,44,55,66
,\
77,88,99

Thanks

Robert


-----Original Message-----
Your best bet for samples is to use the default ADM
templates. Just search
in the INF folder of your DC or client computer. the
system.adm is about the
longest one.

What is the value data you need to input for the
Registry value?

--
Derek Melber
BrainCore.Net
(e-mail address removed)
Derek,
I appreciate the answer. Looking at the first
topic
it seems to be geared towards string entries. I do not
see any references to the binary type. I wish there was
some examples and MS made this easier. Based on this
documentation, I do not think I can write the adm file.
Do you know of any source with more examples?

thanks

Robert

-----Original Message-----
Try these:

Advanced topic: Creating custom .adm files:

http://www.microsoft.com/windows2000/en/professional/help
/default.asp?

url=/WINDOWS2000/en/professional/help/sag_SPconcepts_34.ht
m

To add or remove an Administrative Template (.adm
file):

http://www.microsoft.com/windows2000/en/professional/help
/default.asp?

url=/WINDOWS2000/en/professional/help/gptext_addtemplate.h
tm


--
Derek Melber
BrainCore.Net
(e-mail address removed)
in
message
I am trying to trust a code signed certificate so
that
uses are not prompted when opening Word documents
with
VBA Code (macros) embedded. I have succesfully
created
a .reg file that enters the certificate information
as
a
binary entry in the registry at
[HKEY_CURRENT_USER\Software\Microsoft\VBA\Trusted].
Is
it
possible to write an adm file and use Group Policy
to
push this out to all users? Anyone have a good
source
for
writing adm files? Is there another easier way to do
this? Thanks

Robert


.



.

.