|< Day Day Up >|
Hack 10 Extend Group Policy
Group Policy is a powerful tool for managing
One day, one of my customers gave me a phone call to say that "the Group Policy Plan we made was pretty nice, but there's something missing, and if we had this we could really impress our boss." From that day on, my life wasn't the same, because this comment led to me discover the true power of Group Policy through customizing ADM files.
But first you need to understand the basics of ADM files.
An ADM file is an ASCII file that defines the Group Policy settings; every checkbox, drop-down menu, and folder in the Group Policy window is defined in this file. The ADM file can also be hacked with any text editor to extend the built-in settings of Group Policy, or you could even build a custom ADM to import to your own Group Policies files. This customization feature makes Group Policy a more powerful tool to manage computers.
The default Group Policy Object (GPO) created in Active Directory is
These ADM files are located in the
folder, and every other ADM file that is installed on your machine will be put into that location as well. Also, many products that Microsoft has released for Windows 2000/XP have their own ADM files. For example, the Microsoft Office XP Resource Kit has a corresponding ADM file for each product of the Office suite. For instance, an ADM file called
adds policy settings that affect Word XP on
Hacking ADM Files
How do you to find the policy you want to edit? And how do you change it? In the following example, I want to find and edit the "Save Word files as" policy in the word10.adm file. This policy defines the way a file is saved by default in Word XP. I usually add the option to save the Word file in a format that appears in a local version of Word but doesn't appear in the ADM.
Figure 1-11 shows what the policy looks like.
Figure 1-11. Editing a policy setting
As you can see, the policy setting is found in the Save folder and its
POLICY "Save Word files as" KEYNAME Software\Policies\Microsoft\Office.0\Word\Options PART "Save Word files as" DROPDOWNLIST VALUENAME DefaultFormat ITEMLIST NAME "Word document (*.doc)" VALUE "DEFAULT" NAME "Web Page (*.htm; *.html)" VALUE "HTML" NAME "Word 6.0/95 (*.doc)" VALUE "MSWord6Exp" NAME "Word 6.0/95 - Japanese (*.doc)" VALUE"MSWord6JExp" NAME "Word 6.0/95 - Korean (*.doc)" VALUE "MSWord95KExp" NAME "Word 97-2002 & 6.0/95 - RTF" VALUE "MSWord6RTFExp" NAME "Works 4.0 for Windows (*.wps)" VALUE "MSWorksWin4" NAME "Works 3.0 for Windows (*.wps)" VALUE "MSWorksWin3" END ITEMLIST NOSORT END PART END POLICY
As you can see, the first line,
Policy "Save Word files as
", defines the name of the policy as it appears in Figure 1-11, while everything under that line defines the policy settings until the last line,
So, if I want to add another option to be displayed in the drop-down list of this policy, all I need to do is add the following line wherever I want (within the section bounded by ITEMLIST and END ITEMLIST ):
NAME "Word 97-2002 & 6.0/95 Hebrew Converter\doc" VALUE "MSWord6HBRExp"
Figure 1-12 shows the result of what will be added to the policy drop-down list in the GUI.
Figure 1-12. Adding an option to a drop-down list
Easy, isn't it? With this method, you can manipulate virtually any Registry key that is in the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER hives to extend Group Policy.
If you'd like to learn more about hacking ADM files, see http://www.microsoft.com/windows2000/en/server/help/sag_spconcepts_34.htm from the Windows 2000 Server online documentation. Note that occasionally you might not see the results of your hack; see article 228723 in the Knowledge Base on TechNet for more information (http://support.microsoft.com/default.aspx?scid=kb;en-us;228723).
|< Day Day Up >|