Binary values in group policy
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.group_policy (More info?)
I'm trying to create a custom policy for Windows 2000 SBS that sets
software restrictions (of the cryptographic hash kind).
All is going well except for the fact that a couple of the registry
keys are of type binary.
According to various sources i've read your meant to use the numeric
type and it autodetects when to use a binary or dword.
So I converted the ItemData field to a huge decimal number:
275457228279875578229615414049268972442.
and created the following template:
CLASS MACHINE
CATEGORY "Software Restriction Policies"
POLICY "Disable Command Prompt"
KEYNAME "Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{a47931aa-8280-4408-b362-22a95bf8ec48}"
ACTIONLISTON
VALUENAME "Description" VALUE "Disable the Command Prompt"
VALUENAME "FriendlyName" VALUE "(5.1.2600.2096)"
VALUENAME "HashAlg" VALUE NUMERIC 32771
VALUENAME "ItemData" VALUE NUMERIC
275457228279875578229615414049268972442
VALUENAME "ItemSize" VALUE NUMERIC 65870642108432384
VALUENAME "LastModified" VALUE NUMERIC 4643848508271477761
VALUENAME "SaferFlags" VALUE NUMERIC 0
END ACTIONLISTON
ACTIONLISTOFF
VALUENAME "Description" VALUE DELETE
VALUENAME "FriendlyName" VALUE DELETE
VALUENAME "HashAlg" VALUE DELETE
VALUENAME "ItemData" VALUE DELETE
VALUENAME "ItemSize" VALUE DELETE
VALUENAME "LastModified" VALUE DELETE
VALUENAME "SaferFlags" VALUE DELETE
END ACTIONLISTOFF
END POLICY
END CATEGORY
The binary values however appear to truncate. How do I put these long
binary values into an ADM?
Or, Is there a better way of achieving this function (that doesn't
require an upgrade to SBS2003)
Simon.
I'm trying to create a custom policy for Windows 2000 SBS that sets
software restrictions (of the cryptographic hash kind).
All is going well except for the fact that a couple of the registry
keys are of type binary.
According to various sources i've read your meant to use the numeric
type and it autodetects when to use a binary or dword.
So I converted the ItemData field to a huge decimal number:
275457228279875578229615414049268972442.
and created the following template:
CLASS MACHINE
CATEGORY "Software Restriction Policies"
POLICY "Disable Command Prompt"
KEYNAME "Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{a47931aa-8280-4408-b362-22a95bf8ec48}"
ACTIONLISTON
VALUENAME "Description" VALUE "Disable the Command Prompt"
VALUENAME "FriendlyName" VALUE "(5.1.2600.2096)"
VALUENAME "HashAlg" VALUE NUMERIC 32771
VALUENAME "ItemData" VALUE NUMERIC
275457228279875578229615414049268972442
VALUENAME "ItemSize" VALUE NUMERIC 65870642108432384
VALUENAME "LastModified" VALUE NUMERIC 4643848508271477761
VALUENAME "SaferFlags" VALUE NUMERIC 0
END ACTIONLISTON
ACTIONLISTOFF
VALUENAME "Description" VALUE DELETE
VALUENAME "FriendlyName" VALUE DELETE
VALUENAME "HashAlg" VALUE DELETE
VALUENAME "ItemData" VALUE DELETE
VALUENAME "ItemSize" VALUE DELETE
VALUENAME "LastModified" VALUE DELETE
VALUENAME "SaferFlags" VALUE DELETE
END ACTIONLISTOFF
END POLICY
END CATEGORY
The binary values however appear to truncate. How do I put these long
binary values into an ADM?
Or, Is there a better way of achieving this function (that doesn't
require an upgrade to SBS2003)
Simon.
More about : binary values group policy
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Ckwop@hotmail.com (Simon Johnson) wrote in message news:<f5668ae7.0405210721.51542842@posting.google.com>...
> I'm trying to create a custom policy for Windows 2000 SBS that sets
> software restrictions (of the cryptographic hash kind).
>
> All is going well except for the fact that a couple of the registry
> keys are of type binary.
>
> According to various sources i've read your meant to use the numeric
> type and it autodetects when to use a binary or dword.
>
> So I converted the ItemData field to a huge decimal number:
> 275457228279875578229615414049268972442.
>
> and created the following template:
>
> CLASS MACHINE
> CATEGORY "Software Restriction Policies"
> POLICY "Disable Command Prompt"
>
> KEYNAME "Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{a47931aa-8280-4408-b362-22a95bf8ec48}"
> ACTIONLISTON
> VALUENAME "Description" VALUE "Disable the Command Prompt"
> VALUENAME "FriendlyName" VALUE "(5.1.2600.2096)"
> VALUENAME "HashAlg" VALUE NUMERIC 32771
> VALUENAME "ItemData" VALUE NUMERIC
> 275457228279875578229615414049268972442
> VALUENAME "ItemSize" VALUE NUMERIC 65870642108432384
> VALUENAME "LastModified" VALUE NUMERIC 4643848508271477761
> VALUENAME "SaferFlags" VALUE NUMERIC 0
> END ACTIONLISTON
> ACTIONLISTOFF
> VALUENAME "Description" VALUE DELETE
> VALUENAME "FriendlyName" VALUE DELETE
> VALUENAME "HashAlg" VALUE DELETE
> VALUENAME "ItemData" VALUE DELETE
> VALUENAME "ItemSize" VALUE DELETE
> VALUENAME "LastModified" VALUE DELETE
> VALUENAME "SaferFlags" VALUE DELETE
> END ACTIONLISTOFF
> END POLICY
> END CATEGORY
>
> The binary values however appear to truncate. How do I put these long
> binary values into an ADM?
>
> Or, Is there a better way of achieving this function (that doesn't
> require an upgrade to SBS2003)
>
> Simon.
Hi Simon,
You can use the free Registry extension in Policy Maker Professional
to set ANY registry setting (including binary values) with a native
Group Policy Extension. It's very easy to use because Policy Maker
extensions are plug-ins to the Group Policy Editor, and the Registry
Extension is very similar to Regedit. Browse to the setting, edit it,
save the GPO, and the registry setting is applied as policy. Again,
the registry extension is free to use across the network. Download
here: www.autoprof.com/download.html
Peter Beauregard
AutoProf
Ckwop@hotmail.com (Simon Johnson) wrote in message news:<f5668ae7.0405210721.51542842@posting.google.com>...
> I'm trying to create a custom policy for Windows 2000 SBS that sets
> software restrictions (of the cryptographic hash kind).
>
> All is going well except for the fact that a couple of the registry
> keys are of type binary.
>
> According to various sources i've read your meant to use the numeric
> type and it autodetects when to use a binary or dword.
>
> So I converted the ItemData field to a huge decimal number:
> 275457228279875578229615414049268972442.
>
> and created the following template:
>
> CLASS MACHINE
> CATEGORY "Software Restriction Policies"
> POLICY "Disable Command Prompt"
>
> KEYNAME "Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{a47931aa-8280-4408-b362-22a95bf8ec48}"
> ACTIONLISTON
> VALUENAME "Description" VALUE "Disable the Command Prompt"
> VALUENAME "FriendlyName" VALUE "(5.1.2600.2096)"
> VALUENAME "HashAlg" VALUE NUMERIC 32771
> VALUENAME "ItemData" VALUE NUMERIC
> 275457228279875578229615414049268972442
> VALUENAME "ItemSize" VALUE NUMERIC 65870642108432384
> VALUENAME "LastModified" VALUE NUMERIC 4643848508271477761
> VALUENAME "SaferFlags" VALUE NUMERIC 0
> END ACTIONLISTON
> ACTIONLISTOFF
> VALUENAME "Description" VALUE DELETE
> VALUENAME "FriendlyName" VALUE DELETE
> VALUENAME "HashAlg" VALUE DELETE
> VALUENAME "ItemData" VALUE DELETE
> VALUENAME "ItemSize" VALUE DELETE
> VALUENAME "LastModified" VALUE DELETE
> VALUENAME "SaferFlags" VALUE DELETE
> END ACTIONLISTOFF
> END POLICY
> END CATEGORY
>
> The binary values however appear to truncate. How do I put these long
> binary values into an ADM?
>
> Or, Is there a better way of achieving this function (that doesn't
> require an upgrade to SBS2003)
>
> Simon.
Hi Simon,
You can use the free Registry extension in Policy Maker Professional
to set ANY registry setting (including binary values) with a native
Group Policy Extension. It's very easy to use because Policy Maker
extensions are plug-ins to the Group Policy Editor, and the Registry
Extension is very similar to Regedit. Browse to the setting, edit it,
save the GPO, and the registry setting is applied as policy. Again,
the registry extension is free to use across the network. Download
here: www.autoprof.com/download.html
Peter Beauregard
AutoProf
Related ressources:
- ForumRegistry Keys & Values with Group Policy
- ForumRegistry value from Group Policy or malware?
- ForumGroup Policy LegalNoticeText
- ForumAD error in Group policy
- ForumNon- binary computing breakthrough
- ForumLocal verses group policy
- ForumHow to distribute DumpsterAlwaysOn through Group Policy ?
- ForumAbout Group Policy
- ForumGroup Policy disabled Javascript
- ForumGroup Policy Problem
- ForumHelp Overriding Group Policy IE Settings
- ForumProblems applying IE Settings with group policy
- ForumGroup Policy as "preference" does not apply
- ForumGroup Policy for Internet Explorer - Please Help
- ForumGroup Policy
- ForumSetting HKCU keys using Group Policy
- ForumParallel and com ports not appearing in device manager
- ForumA tool to ses Group Policies?
- ForumDeploy Hotfix through Group Policy
- ForumTattooing the registry using group policy
- More resources
!
