Windows server 2003 adm — Ваш верный помощник с OS Windows

Published 15^th October 2010 by & filed under Misc Software. Last updated 1^st January 2012.

I was digging thru an old back-up CD today and stumbled upon a custom ADM file I created when I was administering a Windows Server 2003 / Windows XP Domain. To use, copy the following code into notepad, save the file with a .adm extension on the system32 folder of a domain server. Open Group Policy editor and add the file, then browse to the “Technicians Settings” to enable any of the settings.

There are Machine and User settings including…
Enabling the EZ-GPO utility
Synaptics touchpad sensitivity fix
Disable lots of start-up applications
Disable lots of unneeded services
Control Windows features inc antivirus, messenger, error reporting, cd-bruning
Media Player — disable automatic actions
Java settings
Adobe settings
Audacity settings
SmartBoard settings
Windows Defender settings
Internet Explorer settings
Screen Saver settings

[xml];;;;;;;;;;;;;
CLASS MACHINE
;;;;;;;;;;;;;

CATEGORY “Technicians Settings”
CATEGORY !!EZ_GPO
POLICY !!BASE_CFG
KEYNAME “SoftwarePoliciesTerraNovumEZ_GPO”
EXPLAIN !!BASE_CFG_EXP
PART “Power Management Settings Schema” DROPDOWNLIST REQUIRED
VALUENAME “SettingsScheme”
ITEMLIST
NAME !!SettingsSchemeSimpleIndex VALUE “Simple” Default
END ITEMLIST
END PART
PART “Power Management Settings Schema Major Version” NUMERIC REQUIRED
VALUENAME “MajorVersion”
DEFAULT 2
MIN 1
MAX 100
END PART
PART “Power Management Settings Schema Minor Version” NUMERIC REQUIRED
VALUENAME “MinorVersion”
DEFAULT 0
MIN 0
MAX 99
END PART
PART “Control Variable [Do Not Modify]” DROPDOWNLIST REQUIRED
VALUENAME “Control”
ITEMLIST
NAME “Control Variable [Do Not Modify]” VALUE “Verify” Default
END ITEMLIST
END PART
END POLICY
POLICY !!OPTIONS
KEYNAME “SoftwarePoliciesTerraNovumEZ_GPOOptions”
EXPLAIN !!OPTIONS_EXP
PART “Force Standby to Be Set on All Machines” CHECKBOX
VALUENAME “ForceStandby”
VALUEON NUMERIC 1 ;Force Standby flag
VALUEOFF NUMERIC 0
END PART
END POLICY
POLICY !!SETTINGS_SCHEME_SIMPLE
KEYNAME “SoftwarePoliciesTerraNovumEZ_GPOSimple”
EXPLAIN !!SETTINGS_SCHEME_SIMPLE_EXP
PART “AC No User Monitor Timeout” NUMERIC REQUIRED
VALUENAME “ACUserMonIdleTime”
DEFAULT 10
MIN 0
MAX 300
END PART
PART “AC No User System Standby Timeout” NUMERIC REQUIRED
VALUENAME “ACUserStandByIdleTime”
DEFAULT 15
MIN 0
MAX 300
END PART
PART “AC No User Hibernate Timeout” NUMERIC REQUIRED
VALUENAME “ACMachHibernateIdleTime”
DEFAULT 30
MIN 0
MAX 300
END PART
PART “DC No User Monitor Timeout” NUMERIC REQUIRED
VALUENAME “DCUserMonIdleTime”
DEFAULT 2
MIN 0
MAX 300
END PART
PART “DC No User System Standby Timeout” NUMERIC REQUIRED
VALUENAME “DCUserStandByIdleTime”
DEFAULT 5
MIN 0
MAX 300
END PART
PART “DC No User Hibernate Timeout” NUMERIC REQUIRED
VALUENAME “DCMachHibernateIdleTime”
DEFAULT 10
MIN 0
MAX 300
END PART
END POLICY
END CATEGORY ; EZ_GPO
CATEGORY “Hardware”
POLICY “Touchpad Sensitivity Fix”
KEYNAME “SOFTWARESynapticsSynTPDefaults”
VALUENAME “AutoRecalibration”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY
CATEGORY “Startup”
;not fully managed
POLICY “Disable Startup Programs”
KEYNAME “SOFTWAREMicrosoftWindowsCurrentVersionRun”
PART “D‑Link Wireless Tray” CHECKBOX
VALUENAME “D‑Link AirPlus G”
VALUEON DELETE
VALUEOFF “%ProgramFiles%D‑LinkAirPlus GAirGCFG.exe”
END PART
PART “D‑Link Wireless Config Util” CHECKBOX
VALUENAME “ANIWZCS2Service”
VALUEON DELETE
VALUEOFF “%ProgramFiles%ANIANIWZCS2 ServiceWZCSLDR2.exe”
END PART
PART “Installshield Updates” CHECKBOX
VALUENAME “ISUSPM Startup”
VALUEON DELETE
VALUEOFF “%ProgramFiles%Common FilesInstallShieldUpdateServiceisuspm.exe ‑startup”
END PART
PART “Installshield Updates Scheduler” CHECKBOX
VALUENAME “ISUSScheduler”
VALUEON DELETE
VALUEOFF “%ProgramFiles%Common FilesInstallShieldUpdateServiceissch.exe ‑start”
END PART
PART “Synchronization Manager” CHECKBOX
VALUENAME “Synchronization Manager”
VALUEON DELETE
VALUEOFF “%SystemRoot%system32mobsync.exe /logon”
END PART
PART “Belkin Wireless Tray” CHECKBOX
VALUENAME “wltray.exe”
VALUEON DELETE
VALUEOFF “%SystemRoot%System32wltray.exe”
END PART
PART “Logitech Software Update” CHECKBOX
VALUENAME “LogitechSoftwareUpdate”
VALUEON DELETE
VALUEOFF “%ProgramFiles%LogitechVideoManifestEngine.exe”
END PART
PART “Logitech Camera Checker” CHECKBOX
VALUENAME “LogitechVideoRepair”
VALUEON DELETE
VALUEOFF “%ProgramFiles%LogitechVideoISStart.exe”
END PART
PART “Logitech Camera Tray” CHECKBOX
VALUENAME “LogitechVideoTray”
VALUEON DELETE
VALUEOFF “%ProgramFiles%LogitechVideoLogiTray.exe”
END PART
PART “Logitech Camera Utility” CHECKBOX
VALUENAME “LVCOMSX”
VALUEON DELETE
VALUEOFF “%SystemRoot%LVCOMSX.exe”
END PART
PART “Norton Ghost” CHECKBOX
VALUENAME “NGClient”
VALUEON DELETE
VALUEOFF “%ProgramFiles%SymantecGhostngctw32.exe”
END PART
PART “Java Update” CHECKBOX
VALUENAME “SunJavaUpdateSched”
VALUEON DELETE
VALUEOFF “jusched.exe”
END PART
PART “Nero” CHECKBOX
VALUENAME “NeroCheck”
VALUEON DELETE
VALUEOFF “%SystemRoot%NeroCheck.exe”
END PART
PART “Nero #2” CHECKBOX
VALUENAME “NeroFilterCheck”
VALUEON DELETE
VALUEOFF “%SystemRoot%NeroCheck.exe”
END PART
PART “In CD” CHECKBOX
VALUENAME “InCD”
VALUEON DELETE
VALUEOFF “%ProgramFiles%AheadInCDInCD.exe”
END PART
PART “Quicktime” CHECKBOX
VALUENAME “QuickTime Task”
VALUEON DELETE
VALUEOFF “qttask.exe”
END PART
PART “Intel Vga Tray Icon” CHECKBOX
VALUENAME “IgfxTray”
VALUEON DELETE
VALUEOFF “%SystemRoot%igfxtray.exe”
END PART
PART “Intel Vga Tray #1” CHECKBOX
VALUENAME “Persistence”
VALUEON DELETE
VALUEOFF “%SystemRoot%igfxpers.exe”
END PART
PART “Intel VGA Tray #2″ CHECKBOX
VALUENAME “igfxpers”
VALUEON DELETE
VALUEOFF “%SystemRoot%igfxpers.exe”
END PART
PART “Intel Hotkeys” CHECKBOX
VALUENAME “HotKeysCmds”
VALUEON DELETE
VALUEOFF “%SystemRoot%hkcmd.exe”
END PART
PART “Intel HotKeys #2” CHECKBOX
VALUENAME “igfxhkcmd”
VALUEON DELETE
VALUEOFF “%SystemRoot%hkcmd.exe”
END PART
PART “Intel Audio Studio” CHECKBOX
VALUENAME “IntelAudioStudio”
VALUEON DELETE
VALUEOFF “%ProgramFiles%Intel Audio StudioIntelAudioStudio.exe TRAY”
END PART
PART “nVidia Control Panel” CHECKBOX
VALUENAME “NvCplDaemon”
VALUEON DELETE
VALUEOFF “RUNDLL32.EXE %SystemRoot%NvCpl.dll,NvStartup”
END PART
PART “nVidia Media Center” CHECKBOX
VALUENAME “NvMediaCenter”
VALUEON DELETE
VALUEOFF “RUNDLL32.EXE %SystemRoot%NvMcTray.dll,NvTaskbarInit”
END PART
PART “nVidia Wizard” CHECKBOX
VALUENAME “nwiz”
VALUEON DELETE
VALUEOFF “nwiz.exe /install”
END PART
PART “PowerDVD Remote Control” CHECKBOX
VALUENAME “Remote Control”
VALUEON DELETE
VALUEOFF “%ProgramFiles%CyberLinkPowerDVDPDVDServ.exe”
END PART
PART “PowerDVD Remote Control 2” CHECKBOX
VALUENAME “RemoteControl”
VALUEON DELETE
VALUEOFF “%ProgramFiles%CyberLinkPowerDVDPDVDServ.exe”
END PART
PART “PowerDVD Language” CHECKBOX
VALUENAME “LanguageShortcut”
VALUEON DELETE
VALUEOFF “%ProgramFiles%CyberLinkPowerDVDLanguageLanguage.exe”
END PART
PART “Realtek Input Pop-Up” CHECKBOX
VALUENAME “High Definition Audio Property Page Shortcut”
VALUEON DELETE
VALUEOFF “HDAShCut.exe”
END PART
PART “Sounds Manager” CHECKBOX
VALUENAME “SoundMan”
VALUEON DELETE
VALUEOFF “Soundman.exe”
END PART
PART “Realtek Audio Utility” CHECKBOX
VALUENAME “Alcmtr”
VALUEON DELETE
VALUEOFF “ALCMTR.EXE”
END PART
PART “Realtek HD Audio Control Panel” CHECKBOX
VALUENAME “RTHDCPL”
VALUEON DELETE
VALUEOFF “RTHDCPL.EXE”
END PART
PART “Reaktek Audio Device Detection” CHECKBOX
VALUENAME “AlcWzrd”
VALUEON DELETE
VALUEOFF “ALCWZRD.EXE”
END PART
PART “Realtek Voice Manager” CHECKBOX
VALUENAME “SkyTel”
VALUEON DELETE
VALUEOFF “SkyTel.exe”
END PART
PART “SoundMax Tray” CHECKBOX
VALUENAME “SoundMaxPnP”
VALUEON DELETE
VALUEOFF “%ProgramFiles%Analog DevicesCoresmax4pnp.exe”
END PART
PART “IDT Audio Tray” CHECKBOX
VALUENAME “SysTrayApp”
VALUEON DELETE
VALUEOFF “%ProgramFiles%IDTWDMsttray.exe”
END PART
PART “Acer Keyboard Utility” CHECKBOX
VALUENAME “HControl”
VALUEON DELETE
VALUEOFF “%SystemDrive%WINDOWSATK0100HControl.exe”
END PART
PART “Softmodem Helper” CHECKBOX
VALUENAME “SMSERIAL”
VALUEON DELETE
VALUEOFF “%SystemDrive%WINDOWSsm56hlpr.exe”
END PART
PART “Softmodem Utility” CHECKBOX
VALUENAME “AGRSMMSG”
VALUEON DELETE
VALUEOFF “AGRSMMSG.exe”
END PART
PART “Synaptics Touchpad Enhancement” CHECKBOX
VALUENAME “SynTPEnh”
VALUEON DELETE
VALUEOFF “%ProgramFiles%SynapticsSynTPEnh.exe”
END PART
PART “Synaptics Touchpad Enhancement #2” CHECKBOX
VALUENAME “SynTPStart”
VALUEON DELETE
VALUEOFF “%ProgramFiles%SynapticsSynTPStart.exe”
END PART
PART “Alps TouchPad Tray” CHECKBOX
VALUENAME “Apoint”
VALUEON DELETE
VALUEOFF “%ProgramFiles%Apoint2kApoint.exe”
END PART
PART “Adobe Reader Speed Launcher” CHECKBOX
VALUENAME “Adobe Reader Speed Launcher”
VALUEON DELETE
VALUEOFF “%ProgramFiles%AdobeReader 8.0ReaderReader_sl.exe”
END PART
PART “Adobe Photo Downloader” CHECKBOX
VALUENAME “Adobe Photo Downloader”
VALUEON DELETE
VALUEOFF “%ProgramFiles%AdobePhotoshop Elements 5.0apdproxy.exe”
END PART
PART “HP Software Update” CHECKBOX
VALUENAME “HP Software Update”
VALUEON DELETE
VALUEOFF “%ProgramFiles%Hewlett-PackardHP Software UpdateHPWuSchd2.exe”
END PART
PART “Olympus Camera Software” CHECKBOX
VALUENAME “OM_Monitor”
VALUEON DELETE
VALUEOFF “%ProgramFiles%OLYMPUSOLYMPUS MasterFirstStart.exe”
END PART
PART “IntelliPoint” CHECKBOX
VALUENAME “IntelliPoint”
VALUEON DELETE
VALUEOFF “%ProgramFiles%Microsoft IntelliPointipoint.exe”
END PART
PART “Roxio Drag-to-Disc” CHECKBOX
VALUENAME “RoxioDragToDisc”
VALUEON DELETE
VALUEOFF “%ProgramFiles%RoxioEasy CD Creator 6DragToDiscDrgToDsc.exe”
END PART
PART “Roxio Engine Utility” CHECKBOX
VALUENAME “RoxioEngineUtility”
VALUEON DELETE
VALUEOFF “%ProgramFiles%Common FilesRoxio SharedSystemEngUtil.exe”
END PART
PART “S3 Video Driver Helper” CHECKBOX
VALUENAME “VTTimer”
VALUEON DELETE
VALUEOFF “VTTimer.exe”
END PART
PART “S3 Video Driver Tray Icon” CHECKBOX
VALUENAME “VTtrayp”
VALUEON DELETE
VALUEOFF “VTtrayp.exe”
END PART
PART “HP QuickLaunch Buttons Tray” CHECKBOX
VALUENAME “QlbCtrl”
VALUEON DELETE
VALUEOFF “%ProgramFiles%Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start”
END PART
PART “PCTel Modem Utility” CHECKBOX
VALUENAME “PCTVOICE”
VALUEON DELETE
VALUEOFF “pctspk.exe”
END PART
END POLICY
;not fully managed
POLICY “System Services”
KEYNAME “SYSTEMCurrentControlSetServices”
PART “CD Burning Service” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesImapi”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4”
NAME “Manual” VALUE NUMERIC “3” DEFAULT
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
PART “Smart Board Service” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesSMART Board Service”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4”
NAME “Manual” VALUE NUMERIC “3” DEFAULT
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
PART “Smart Board Web Server” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesSMART Web Server”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4”
NAME “Manual” VALUE NUMERIC “3” DEFAULT
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
PART “Messenger” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesMessenger”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4” DEFAULT
NAME “Manual” VALUE NUMERIC “3”
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
PART “Remote Registry” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesRemoteRegistry”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4”
NAME “Manual” VALUE NUMERIC “3”
NAME “Automatic” VALUE NUMERIC “2” DEFAULT
END ITEMLIST
END PART
PART “Universal PnP” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesupnphost”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4”
NAME “Manual” VALUE NUMERIC “3” DEFAULT
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
PART “Admin Alerts” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesAlerter”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4” DEFAULT
NAME “Manual” VALUE NUMERIC “3”
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
PART “Clipboard Server” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesClipSrv”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4” DEFAULT
NAME “Manual” VALUE NUMERIC “3”
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
PART “Indexing Service” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesCiSvc”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4”
NAME “Manual” VALUE NUMERIC “3” DEFAULT
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
PART “nVidia Driver Helper Service” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesNVSvc”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4”
NAME “Manual” VALUE NUMERIC “3” DEFAULT
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
PART “Performance Logs and Alerts” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesSysmonLog”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4”
NAME “Manual” VALUE NUMERIC “3” DEFAULT
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
PART “Remote Assistance” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesRDSessMgr”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4”
NAME “Manual” VALUE NUMERIC “3” DEFAULT
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
PART “Telnet” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesTlntSvr”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4” DEFAULT
NAME “Manual” VALUE NUMERIC “3”
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
PART “UPS” DROPDOWNLIST NOSORT
KEYNAME “SYSTEMCurrentControlSetServicesUPS”
VALUENAME “Start”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “4”
NAME “Manual” VALUE NUMERIC “3” DEFAULT
NAME “Automatic” VALUE NUMERIC “2”
END ITEMLIST
END PART
END POLICY
END CATEGORY
CATEGORY “Windows Features”
POLICY “Overide Antivirus Monitoring”
KEYNAME “SOFTWAREMicrosoftSecurity Center”
VALUENAME “AntiVirusOverride”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
POLICY “Disable Windows Error Reporting”
KEYNAME “SOFTWAREMicrosoftPCHealthErrorReporting”
VALUENAME DoReport
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
POLICY “Prevent Windows Messenger from Running”
KEYNAME “SOFTWAREMicrosoftMessengerClient”
VALUENAME “PreventRun”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
POLICY “Enable CD—Burning for all Users”
KEYNAME “SoftwareMicrosoftWindows NTCurrentVersionWinlogon”
VALUENAME “AllocateDASD”
VALUEON NUMERIC 2
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY
CATEGORY “Windows Media Player”
POLICY “Disable Automatic Update”
KEYNAME “SOFTWAREMicrosoftWindowsMediaPlayer”
VALUENAME “DisableAutoUpdate”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
POLICY “Disable Automatic Upgrade”
KEYNAME “SOFTWAREMicrosoftWindowsMediaPlayer”
VALUENAME “EnableAutoUpgrade”
VALUEON “No”
VALUEOFF “Yes”
END POLICY
END CATEGORY
CATEGORY “Java”
POLICY “Plugin”
KEYNAME “SOFTWAREJavaSoftJava Plug-in1.6.0_01”
VALUENAME “HideSystemTrayIcon”
VALUEON NUMERIC “1”
VALUEOFF NUMERIC “0”
ACTIONLISTON
KEYNAME “SOFTWAREJavaSoftJava Plug-in1.6.0_02”
VALUENAME “HideSystemTrayIcon” VALUE NUMERIC 1
KEYNAME “SOFTWAREJavaSoftJava Plug-in1.6.0_03”
VALUENAME “HideSystemTrayIcon” VALUE NUMERIC 1
END ACTIONLISTON
ACTIONLISTOFF
KEYNAME “SOFTWAREJavaSoftJava Plug-in1.6.0_02”
VALUENAME “HideSystemTrayIcon” VALUE NUMERIC 0
KEYNAME “SOFTWAREJavaSoftJava Plug-in1.6.0_03”
VALUENAME “HideSystemTrayIcon” VALUE NUMERIC 0
END ACTIONLISTOFF
END POLICY
POLICY “Update”
KEYNAME “SOFTWAREJavaSoftJava UpdatePolicy”
PART “Disable Update” CHECKBOX
VALUENAME “EnableJavaUpdate”
VALUEON NUMERIC “0”
VALUEOFF NUMERIC “1”
END PART
PART “Disable Auto Update” CHECKBOX
VALUENAME “EnableAutoUpdateCheck”
VALUEON NUMERIC “0”
VALUEOFF NUMERIC “1”
END PART
PART “Don’t Notify on Download” CHECKBOX
VALUENAME “NotifyDownload”
VALUEON NUMERIC “0”
VALUEOFF NUMERIC “1”
END PART
PART “Don’t Notify on Install” CHECKBOX
VALUENAME “NotifyInstall”
VALUEON NUMERIC “0”
VALUEOFF NUMERIC “1”
END PART
PART “Don’t Prompt for AutoUpdate” CHECKBOX
VALUENAME “PromptAutoUpdateCheck”
VALUEON NUMERIC “0”
VALUEOFF NUMERIC “1”
END PART
END POLICY
END CATEGORY
CATEGORY “Adobe”
POLICY “Adobe Updater”
KEYNAME “SoftwareAdobeUpdater”
PART “Disable” CHECKBOX
VALUENAME “Enterprise”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END PART
END POLICY
POLICY “Reader EULA”
KEYNAME “SOFTWAREAdobeAcrobat Reader8.0AdobeViewer”
VALUENAME “Accept EULA” VALUEON NUMERIC 1
ACTIONLISTON
VALUENAME “Launched”
VALUE NUMERIC 1
END ACTIONLISTON
ACTIONLISTOFF
VALUENAME “Launched”
VALUE NUMERIC 0
END ACTIONLISTOFF
END POLICY
POLICY “Reader Features”
KEYNAME “SOFTWAREAdobeAcrobat Reader8.0FeatureLockdown”
PART “Disable Updater” CHECKBOX
VALUENAME “bUpdater”
VALUEON NUMERIC “0”
VALUEOFF NUMERIC “1”
END PART
PART “Disable E‑Book Menu” CHECKBOX
VALUENAME “bShowEbookMenu”
VALUEON NUMERIC “0”
VALUEOFF NUMERIC “1”
END PART
PART “Disable Purchase” CHECKBOX
VALUENAME “bPurchaseAcro”
VALUEON NUMERIC “0”
VALUEOFF NUMERIC “1”
END PART
PART “Disable Create PDF Online” CHECKBOX
VALUENAME “bCreatePDFOnline”
VALUEON NUMERIC “0”
VALUEOFF NUMERIC “1”
END PART
PART “Disable Browser Integration” CHECKBOX
VALUENAME “bBrowserIntegration”
VALUEON NUMERIC “0”
VALUEOFF NUMERIC “1”
END PART
PART “Disable Send to FedEx Kinko’s” CHECKBOX
VALUENAME “bFedExInternetPrinting”
VALUEON NUMERIC “0”
VALUEOFF NUMERIC “1”

END PART
END POLICY
POLICY “Photoshop Elements”
KEYNAME “SoftwareMicrosoftWindowsCurrentVersionUninstall{A7B609FB-83D8-4FC3-8477–1BC65ECFE85B}”
PART “EULA Accepted” CHECKBOX
VALUENAME “epic_eula_accepted”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END PART
PART “EULA Accepted Time” CHECKBOX
VALUENAME “epic_eula_accepted_time”
VALUEON “2006−11−01 10:00”
END PART
PART “EULA Selected” CHECKBOX
VALUENAME “epic_eula_selected”
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END PART
PART “Locale” CHECKBOX
VALUENAME “epic_eula_selected_locale”
VALUEON “en_us”
END PART
PART “Registration” CHECKBOX
VALUENAME “EPIC_REGS_COUNT”
VALUEON NUMERIC 4
VALUEOFF NUMERIC 0
END PART
PART “Registration Date” CHECKBOX
VALUENAME “EPIC_REGS_DATE”
VALUEON “2006−11−01 10:00”
END PART
PART “Registration Declined” CHECKBOX
VALUENAME “EPIC_REGS_DECLINE_COUNT”
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END PART
PART “Registration State” CHECKBOX
VALUENAME “EPIC_REGS_STATE”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END PART
PART “Registration Type” CHECKBOX
VALUENAME “EPIC_REGS_TYPE”
VALUEON NUMERIC 4
VALUEOFF NUMERIC 0
END PART
END POLICY
POLICY “Première Elements”
KEYNAME “SoftwareMicrosoftWindowsCurrentVersionUninstall{530AFAFF-6F0A-48BB-88D0-04F9658322D3}”
PART “EULA Accepted” CHECKBOX
VALUENAME “epic_eula_accepted”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END PART
PART “EULA Accepted Time” CHECKBOX
VALUENAME “epic_eula_accepted_time”
VALUEON “2006−11−01 10:00”
END PART
PART “EULA Selected” CHECKBOX
VALUENAME “epic_eula_selected”
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END PART
PART “Locale” CHECKBOX
VALUENAME “epic_eula_selected_locale”
VALUEON “en_us”
END PART
PART “Registration” CHECKBOX
VALUENAME “EPIC_REGS_COUNT”
VALUEON NUMERIC 4
VALUEOFF NUMERIC 0
END PART
PART “Registration Date” CHECKBOX
VALUENAME “EPIC_REGS_DATE”
VALUEON “2006−11−01 10:00”
END PART
PART “Registration Declined” CHECKBOX
VALUENAME “EPIC_REGS_DECLINE_COUNT”
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END PART
PART “Registration State” CHECKBOX
VALUENAME “EPIC_REGS_STATE”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END PART
PART “Registration Type” CHECKBOX
VALUENAME “EPIC_REGS_TYPE”
VALUEON NUMERIC 4
VALUEOFF NUMERIC 0
END PART
END POLICY
END CATEGORY
CATEGORY “Audacity”
POLICY “Lame”
KEYNAME “SOFTWAREAudacityAudacityMP3”
PART “Lame Path” EDITTEXT
VALUENAME “MP3LibPath”
DEFAULT “%ProgramFiles%Audacitylame_enc.dll”
EXPANDABLETEXT
END PART
END POLICY
POLICY “Language”
KEYNAME “SOFTWAREAudacityAudacityLocale”
PART “Audacity Language” DROPDOWNLIST
VALUENAME “Language”
ITEMLIST
NAME “English” VALUE “en”
END ITEMLIST
END PART
END POLICY
END CATEGORY
CATEGORY “SmartBoard”
POLICY “Disable Com-Port Prompt”
KEYNAME “SoftwareSMART Technologies Inc.SMART Board SoftwareBoard Tools”
VALUENAME “noboard”
VALUEON NUMERIC 1
VALUEOFF DELETE
END POLICY
POLICY “Gallery”
KEYNAME “SoftwareSMART Technologies Inc.Gallery”
PART “Network Path” EDITTEXT
VALUENAME “DefaultManifest”
DEFAULT “\gatewayglobalsmartimsmanifest.xml”
EXPANDABLETEXT
END PART
END POLICY
END CATEGORY
CATEGORY “Dazzle 03”
POLICY “Disable Save To Web Intro”
KEYNAME “SoftwareIndigo LearningDazzle03”
VALUENAME “ShowSaveToWebIntro”
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY
CATEGORY “Windows Defender”
POLICY “Set Scheduled Scans”
KEYNAME “SOFTWAREMicrosoftWindows DefenderScan”
PART “Scheduled Day” DROPDOWNLIST NOSORT
VALUENAME “ScheduleDay”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “8”
NAME “Monday” VALUE NUMERIC “2”
NAME “Tuesday” VALUE NUMERIC “3”
NAME “Wednesday” VALUE NUMERIC “4”
NAME “Thursday” VALUE NUMERIC “5”
NAME “Friday” VALUE NUMERIC “6”
NAME “Saturday” VALUE NUMERIC “7”
NAME “Sunday” VALUE NUMERIC “1”
END ITEMLIST
END PART
PART “Scheduled Time” NUMERIC
VALUENAME “ScheduleTime”
MIN 0
MAX 1440
SPIN 30
DEFAULT 0
END PART
PART “Scan Type” DROPDOWNLIST
VALUENAME “ScanParameters”
ITEMLIST
NAME “Quick Scan” VALUE NUMERIC “1”
NAME “Full Scan” VALUE NUMERIC “2”
END ITEMLIST
END PART
END POLICY
POLICY !!DisableAntiSpyware
KEYNAME “SoftwareMicrosoftWindows Defender”
EXPLAIN !!DisableAntiSpyware_Explain
VALUENAME “DisableAntiSpyware”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
POLICY !!DisableUnknownRTP
KEYNAME “SoftwareMicrosoftWindows DefenderReal-Time Protection”
EXPLAIN !!DisableUnknownRTP_Explain
VALUENAME “EnableUnknownPrompts”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
POLICY !!CheckForSignaturesBeforeRunningScan
KEYNAME “SoftwareMicrosoftWindows DefenderScan”
EXPLAIN !!CheckForSignaturesBeforeRunningScan_Explain
VALUENAME “CheckForSignaturesBeforeRunningScan”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
POLICY !!ForceFullUpdate
KEYNAME “SoftwareMicrosoftWindows DefenderSignature Updates”
EXPLAIN !!ForceFullUpdate_Explain
VALUENAME “ForceFullUpdate”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
POLICY !!EnableLoggingForKnownGood
KEYNAME “SoftwareMicrosoftWindows DefenderReporting”
EXPLAIN !!EnableLoggingForKnownGood_Explain
VALUENAME “DisableLoggingForKnownGood”
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
POLICY !!EnableLoggingForUnknown
KEYNAME “SoftwareMicrosoftWindows DefenderReporting”
EXPLAIN !!EnableLoggingForUnknown_Explain
VALUENAME “DisableLoggingForUnknown”
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
POLICY !!SpyNetReporting
KEYNAME “SoftwareMicrosoftWindows DefenderSpyNet”
EXPLAIN !!SpyNetReporting_Explain
PART !!SpyNetReporting_DropDownList DROPDOWNLIST REQUIRED
VALUENAME “SpyNetReporting”
ITEMLIST
NAME !!SpyNetReporting_DropDownList_Disabled VALUE NUMERIC 0
NAME !!SpyNetReporting_DropDownList_Basic VALUE NUMERIC 1
NAME !!SpyNetReporting_DropDownList_Advanced VALUE NUMERIC 2
END ITEMLIST
END PART
END POLICY
POLICY !!CheckAlternateDownloadLocation
KEYNAME “SoftwareMicrosoftWindows DefenderSignature Updates”
EXPLAIN !!CheckAlternateDownloadLocation_Explain
VALUENAME “CheckAlternateDownloadLocation”
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY
END CATEGORY

;;;;;;;;;;
CLASS USER
;;;;;;;;;;

CATEGORY “Technician Settings”
CATEGORY “Cookies”
POLICY “Allow cookies on enable website”
KEYNAME “SoftwareMicrosoftWindowsCurrentVersionInternet SettingsP3PHistoryenable-online.com”
VALUENAME “”
VALUEON NUMERIC 1
VALUEOFF DELETE
END POLICY
END CATEGORY
CATEGORY “SmartBoard”
POLICY “Disable Com-Port Prompt”
KEYNAME “SoftwareSMART Technologies Inc.SMART Board SoftwareBoard Tools”
VALUENAME “noboard”
VALUEON NUMERIC 1
VALUEOFF DELETE
END POLICY
POLICY “Gallery”
KEYNAME “SoftwareSMART Technologies Inc.Gallery”
PART “Network Path” EDITTEXT
VALUENAME “DefaultManifest”
DEFAULT “\gatewayglobalsmartSMART Essentials For EducatorsGallery Data Filesgallery_categories.xml”
EXPANDABLETEXT
END PART
END POLICY
END CATEGORY
CATEGORY “Startup Programs”
;not fully managed
POLICY “Disable Startup Programs”
KEYNAME “SOFTWAREMicrosoftWindowsCurrentVersionRun”
PART “Office Language Tools” CHECKBOX
VALUENAME “ctfmon”
VALUEON DELETE
VALUEOFF “%SystemRoot%ctfmon.exe”
END PART
PART “Office Language Tools 2” CHECKBOX
VALUENAME “CTFMON.EXE”
VALUEON DELETE
VALUEOFF “%SystemRoot%ctfmon.exe”
END PART
PART “Msn Messenger” CHECKBOX
VALUENAME “MsnMsgr”
VALUEON DELETE
VALUEOFF “%ProgramFiles%MSN Messengermsnmsgr.exe /background”
END PART
PART “Windows Messenger” CHECKBOX
VALUENAME “msmsgs”
VALUEON DELETE
VALUEOFF “%ProgramFiles%Messengermsmsgs.exe /background”
END PART
END POLICY
END CATEGORY
CATEGORY “IE7 Settings”
POLICY “Always show Menubar”
KEYNAME “SoftwareMicrosoftInternet ExplorerMain”
VALUENAME “AlwaysShowMenus”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
POLICY “Set Menubar to Top Position”
KEYNAME “SoftwareMicrosoftInternet ExplorerToolbarWebBrowser”
VALUENAME “ITBar7Position”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
POLICY “Set Google as Default Search”
KEYNAME “SoftwareMicrosoftInternet ExplorerSearchScopes”
VALUENAME “DefaultScope” VALUEON {2D16E5B6-2F07-4341–934E-118468986E78}
ACTIONLISTON
VALUENAME “Version” VALUE NUMERIC 1
KEYNAME “SoftwareMicrosoftInternet ExplorerSearchScopes{2D16E5B6-2F07-4341–934E-118468986E78}”
VALUENAME “DisplayName” VALUE “Google”
VALUENAME “URL” VALUE “https://www.google.com/search?q={searchTerms}&amp;rls=com.microsoft:{language}&amp;ie={inputEncoding}&amp;oe={outputEncoding}&amp;startIndex={startIndex?}&amp;startPage={startPage}”
END ACTIONLISTON
END POLICY
POLICY “Disable First Run Wizard”
KEYNAME “SoftwareMicrosoftInternet ExplorerMain”
VALUENAME “DisableFirstRunCustomize”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
POLICY “Disable Phishing Filter”
KEYNAME “SoftwareMicrosoftInternet ExplorerPhishingFilter”
VALUENAME “Enabled”
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
POLICY “Turn Off Language Bar on Startup”
KEYNAME “SoftwareMicrosoftCTF”
VALUENAME “Disable Thread Input Manager” VALUEON NUMERIC 1
ACTIONLISTON
VALUENAME “ExtraIconsOnMinimized” VALUE NUMERIC 0
KEYNAME “SOFTWAREMicrosoftInternet ExplorerInternational”
VALUENAME “AcceptLanguage” VALUE “en-gb”
KEYNAME “SoftwareMicrosoftCTFMSUTB”
VALUENAME “ShowDeskBand” VALUE NUMERIC 1
KEYNAME “SoftwareMicrosoftCTFLangBar”
VALUENAME “ShowStatus” VALUE NUMERIC 3
END ACTIONLISTON
END POLICY
POLICY “Turn off Language Bar on Startup (part 2)”
KEYNAME “Keyboard LayoutPreload”
VALUENAME “2” VALUEON DELETE
ACTIONLISTON
VALUENAME “ShowStatus” VALUE NUMERIC 2
KEYNAME “SoftwareClassesCLSID{540D8A8B-1C3F-4E32-8132–530F6A502090}”
VALUENAME “MenuTextPUI” VALUE DELETE
END ACTIONLISTON
END POLICY
POLICY “Disable Customer Improvement Program”
KEYNAME “SoftwareMicrosoftInternet ExplorerSQM”
VALUENAME “DisableCustomerImprovementProgram”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY
CATEGORY “Adobe Reader 8”
POLICY “Show a taskbar icon for each document”
KEYNAME “SoftwareAdobeAcrobat Reader8.0AVGeneral”
VALUENAME “bDocumentsInTaskbar”
VALUEON “1”
VALUEOFF DELETE
END POLICY
POLICY “Beyond Acrobat”
KEYNAME “SoftwareAdobeAcrobat Reader8.0Downtown”
PART “Don’t show at launch” CHECKBOX
VALUENAME “bDontShowAtLaunch”
VALUEON NUMERIC “1”
VALUEOFF NUMERIC “0”
END PART
PART “Don’t Go online” CHECKBOX
VALUENAME “bGoOnline”
VALUEON NUMERIC “0”
VALUEOFF NUMERIC “1”
END PART
END POLICY
END CATEGORY
CATEGORY “Windows Defender”
POLICY “Set Scheduled Scans”
KEYNAME “SOFTWAREMicrosoftWindows DefenderScan”
PART “Scheduled Day” DROPDOWNLIST NOSORT
VALUENAME “ScheduleDay”
ITEMLIST
NAME “Disabled” VALUE NUMERIC “8”
NAME “Monday” VALUE NUMERIC “2”
NAME “Tuesday” VALUE NUMERIC “3”
NAME “Wednesday” VALUE NUMERIC “4”
NAME “Thursday” VALUE NUMERIC “5”
NAME “Friday” VALUE NUMERIC “6”
NAME “Saturday” VALUE NUMERIC “7”
NAME “Sunday” VALUE NUMERIC “1”
END ITEMLIST
END PART
PART “Scheduled Time” NUMERIC
VALUENAME “ScheduleTime”
MIN 0
MAX 1440
SPIN 30
DEFAULT 0
END PART
PART “Scan Type” DROPDOWNLIST
VALUENAME “ScanParameters”
ITEMLIST
NAME “Quick Scan” VALUE NUMERIC “1”
NAME “Full Scan” VALUE NUMERIC “2”
END ITEMLIST
END PART
END POLICY
POLICY “Disable Non-Admin Access”
KEYNAME “SOFTWAREMicrosoftWindows DefenderUX Configuration”
VALUENAME “AllowNonAdminFunctionality”
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY
CATEGORY “ScreenSaver”
;not fully managed
POLICY “ScreenSaver Settings”
KEYNAME “Control PanelDesktop”
PART “Screensaver Time” NUMERIC
VALUENAME “ScreenSaveTimeOut”
MIN 1
MAX 120
DEFAULT 10
END PART
PART “Set Screensaver” DROPDOWNLIST NOSORT
VALUENAME “SCRNSAVE.EXE”
ITEMLIST
NAME “Default” VALUE “%SystemRoot%scrnsave.scr”
NAME “3D Flying Objects” VALUE “%SystemRoot%ss3dfo.scr”
NAME “3D Text” VALUE “%SystemRoot%sstext3d.scr”
NAME “Logon” VALUE “%SystemRoot%logon.scr”
NAME “Bezier Curves” VALUE “%SystemRoot%ssbezier.scr”
NAME “3D Flowerbox” VALUE “%SystemRoot%ssflwbox.scr”
NAME “Marquee” VALUE “%SystemRoot%ssmarque.scr”
NAME “My Pictures Slideshow” VALUE “%SystemRoot%ssmypics.scr”
NAME “Mystify” VALUE “%SystemRoot%ssmyst.scr”
NAME “3D Pipes” VALUE “%SystemRoot%sspipes.scr”
NAME “Flying Stars” VALUE “%SystemRoot%ssstars.scr”
END ITEMLIST
END PART
END POLICY
POLICY “Flying Objects Settings”
KEYNAME “SoftwareMicrosoftScreensaversFlying Objects”
PART “Options” NUMERIC
VALUENAME “Options”
DEFAULT 1
END PART
PART “Type” NUMERIC
VALUENAME “Type”
DEFAULT 6
END PART
PART “Tesselation” NUMERIC
VALUENAME “Tesselation”
DEFAULT 200
END PART
PART “Size” NUMERIC
VALUENAME “Size”
DEFAULT 175
END PART
PART “Texture” EDITTEXT
VALUENAME “Texture”
DEFAULT “\serverlogoscr.bmp”
EXPANDABLETEXT
END PART
PART “TextureFileOffset” NUMERIC
VALUENAME “TextureFileOffset”
DEFAULT 12
END PART
PART “AllScreensSame” NUMERIC
VALUENAME “AllScreensSame”
DEFAULT 0
END PART
END POLICY
POLICY “3D Text Settings”
KEYNAME “SoftwareMicrosoftScreensaversText3D”
PART “Rotation Speed” NUMERIC
VALUENAME “RotationSpeed”
DEFAULT 10
END PART
PART “Rotation Style” NUMERIC
VALUENAME “RotationStyle”
DEFAULT 3
END PART
PART “Size” NUMERIC
VALUENAME “Size”
DEFAULT 5
END PART
PART “Text to Show” EDITTEXT
VALUENAME “DisplayString”
DEFAULT “Greasbrough”
EXPANDABLETEXT
END PART
PART “Font” EDITTEXT
VALUENAME “FontFace”
DEFAULT “Agency FB”
EXPANDABLETEXT
END PART
PART “Specular” NUMERIC
VALUENAME “Specular”
DEFAULT 1
END PART
PART “Surface Type” NUMERIC
VALUENAME “SurfaceType”
DEFAULT 1
END PART
END POLICY
END CATEGORY
CATEGORY “Windows Features”
POLICY “Don’t hide inactive icons”
KEYNAME “SoftwareMicrosoftWindowsCurrentVersionExplorer”
VALUENAME “EnableAutoTray”
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
POLICY “Disable Desktop clean-up wizard”
KEYNAME “SoftwareMicrosoftWindowsCurrentVersionExplorerDesktopCleanupWiz”
VALUENAME “NoRun”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
POLICY “Enable classic control panel”
KEYNAME “SoftwareMicrosoftWindowsCurrentVersionExplorer”
VALUENAME “ForceClassicControlPanel”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
POLICY “Don’t highlight newly installed software”
KEYNAME “SoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced”
VALUENAME “Start_NotifyNewApps”
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
POLICY “Enable ClearType”
KEYNAME “Control PanelDesktop”
VALUENAME “FontSmoothingType”
VALUEON NUMERIC 2
VALUEOFF NUMERIC 1
END POLICY
POLICY “Disable Tour Popup”
KEYNAME “SOFTWAREMicrosoftWindowsCurrentVersionAppletsTour”
VALUENAME “RunCount”
VALUEON NUMERIC 0
VALUEOFF DELETE
END POLICY
END CATEGORY
CATEGORY !!EZ_GPO
POLICY !!BASE_CFG
KEYNAME “SoftwarePoliciesTerraNovumEZ_GPO”
EXPLAIN !!BASE_CFG_EXP
PART “Power Management Settings Schema” DROPDOWNLIST REQUIRED
VALUENAME “SettingsScheme”
ITEMLIST
NAME !!SettingsSchemeSimpleIndex VALUE “Simple” Default
END ITEMLIST
END PART
PART “Power Management Settings Schema Major Version” NUMERIC REQUIRED
VALUENAME “MajorVersion”
DEFAULT 2
MIN 2
MAX 99
END PART
PART “Power Management Settings Schema Minor Version” NUMERIC REQUIRED
VALUENAME “MinorVersion”
DEFAULT 0
MIN 0
MAX 99
END PART
PART “Control Variable [Do Not Modify]” DROPDOWNLIST REQUIRED
VALUENAME “Control”
ITEMLIST
NAME “Control Variable [Do Not Modify]” VALUE “Verify” Default
END ITEMLIST
END PART
END POLICY
POLICY !!OPTIONS
KEYNAME “SoftwarePoliciesTerraNovumEZ_GPOOptions”
EXPLAIN !!OPTIONS_EXP
PART “Security Override” CHECKBOX
VALUENAME “SecurityBypass”
VALUEON NUMERIC 1 ;Security Override flag
VALUEOFF NUMERIC 0
END PART
PART “Force Standby to Be Set on All Machines” CHECKBOX
VALUENAME “ForceStandby”
VALUEON NUMERIC 1 ;Force Standby flag
VALUEOFF NUMERIC 0
END PART
END POLICY
POLICY !!SETTINGS_SCHEME_SIMPLE
KEYNAME “SoftwarePoliciesTerraNovumEZ_GPOSimple”
EXPLAIN !!SETTINGS_SCHEME_SIMPLE_EXP
PART “AC User Monitor Timeout” NUMERIC REQUIRED
VALUENAME “ACUserMonIdleTime”
DEFAULT 10
MIN 0
MAX 300
END PART
PART “AC User System Standby Timeout” NUMERIC REQUIRED
VALUENAME “ACUserStandByIdleTime”
DEFAULT 15
MIN 0
MAX 300
END PART
PART “AC Machine Hibernate Timeout” NUMERIC REQUIRED
VALUENAME “ACMachHibernateIdleTime”
DEFAULT 30
MIN 0
MAX 300
END PART
PART “DC User Monitor Timeout” NUMERIC REQUIRED
VALUENAME “DCUserMonIdleTime”
DEFAULT 5
MIN 0
MAX 300
END PART
PART “DC User System Standby Timeout” NUMERIC REQUIRED
VALUENAME “DCUserStandByIdleTime”
DEFAULT 10
MIN 0
MAX 300
END PART
PART “DC Machine Hibernate Timeout” NUMERIC REQUIRED
VALUENAME “DCMachHibernateIdleTime”
DEFAULT 15
MIN 0
MAX 300
END PART
END POLICY
END CATEGORY ; EZ_GPO
END CATEGORY

[strings]
DisableAntiSpyware=“Turn off Windows Defender”
DisableAntiSpyware_Explain=“Turns off Windows Defender Real-Time Protection, and no more scans are scheduled.nnIf you enable this policy setting, Windows Defender does not run, and computers will not be scanned for spyware or other potentially unwanted software.nnIf you disable or do not configure this policy setting, by default Windows Defender runs and computers are scanned for spyware and other potentially unwanted software.”
DisableUnknownRTP=“Turn off Real-Time Protection Prompts for Unknown Detection”
DisableUnknownRTP_Explain=“Turns off Real-Time Protection prompts for unknown detection.nnIf you enable this policy setting, Windows Defender does not prompt users to allow or block unknown activity.nnIf you disable or do not configure this policy setting, by default Windows Defender prompts users to allow or block unknown activity on the computer.”
CheckForSignaturesBeforeRunningScan=“Check for New Signatures Before Scheduled Scans”
CheckForSignaturesBeforeRunningScan_Explain=“Checks for new signatures before running scheduled scans.nnIf you enable this policy setting, the scheduled scan checks for new signatures before it scans the computer.nnIf you disable or do not configure this policy setting, the scheduled scan begins without downloading new signatures.”
ForceFullUpdate=“Download Entire Signature Set”
ForceFullUpdate_Explain=“Downloads the full signature set, rather than only the signatures that have been updated since the last signature download. Downloading the full signature set can help troubleshoot problems with signature installations, but because the file is large, it can take longer to download. nnIf you enable this policy setting, the full signatures set is downloaded.nnIf you disable or do not configure this policy setting, by default only updated signatures are downloaded.”
EnableLoggingForKnownGood=“Enable Logging Known Good Detections”
EnableLoggingForKnownGood_Explain=“Enables logging detection data during Real-time Protection when Windows Defender detects known good files. Logging detections provides you with detailed information about the programs that run on the computers you monitor.nnIf you enable this policy setting, known good files are logged.nnIf you disable or do not configure this policy setting, by default known good files are not logged.nnEnabling this policy setting can result in a greater number of events in the log.”
EnableLoggingForUnknown=“Enable Logging Unknown Detections”
EnableLoggingForUnknown_Explain=“Enables logging detections during Real-time Protection when Windows Defender detects unknown files. Logging detections provides you with detailed information about the programs that run on the computers you monitor.nnIf you enable or do not configure this policy setting, by default unknown files are logged.nnIf you disable this policy setting, unknown files are not logged.nnEnabling this policy setting can result in a greater number of events in the log.”
SpyNetReporting=“Configure Microsoft SpyNet Reporting”
SpyNetReporting_Explain=“Adjusts membership in Microsoft SpyNet.nnMicrosoft SpyNet is the online community that helps you choose how to respond to potential spyware threats. The community also helps stop the spread of new spyware infections.nnHere’s how it works. When Windows Defender detects software or changes by software not yet classified for risks, you see how other members responded to the alert. In turn, the action you apply help other members choose how to respond. Your actions also help Microsoft choose which software to investigate for potential threats. You can choose to send basic or additional information about detected software. Additional information helps improve how Windows Defender works. It can include, for example, the location of detected items on your computer if harmful software has been removed. Windows Defender will automatically collect and send the information.nnIf you enable this policy setting and choose “No Membership” from the drop-down list, SpyNet membership will be disabled. At this setting, no information will be sent to Microsoft. You will not be alerted if Windows Defender detects unclassified software running on your computer. Local users will not be able to change their SpyNet membership.nnIf you enable this policy setting and choose “Basic” from the drop-down list, SpyNet membership is set to “Basic”. At this setting, basic information about the detected items and the actions you apply will be shared with the online community. You will not be alerted if Windows Defender detects software that has not yet been classified for risks.nnIf you enable this policy setting and choose “Advanced” from the drop-down list, SpyNet membership is set to “Advanced”. At this setting, you send your choices and additional information about detected items. You are alerted so you can take action when Windows Defender detects changes to your computer by unclassified software. Your decisions to allow or block changes help Microsoft create new definitions for Windows Defender and better detect harmful software. In some instances, personal information may be sent but no information is used to contact you.nnIf you disable or do not configure this policy setting, by default SpyNet membership is disabled. At this setting, no information will be sent to Microsoft. You will not be alerted if Windows Defender detects unclassified software running on your computer. Local users will still be able to change their SpyNet membership.”
SpyNetReporting_DropDownList=“Microsoft SpyNet Membership”
SpyNetReporting_DropDownList_Disabled=“No Membership”
SpyNetReporting_DropDownList_Basic=“Basic”
SpyNetReporting_DropDownList_Advanced=“Advanced”
CheckAlternateDownloadLocation=“Turn on definition updates through both WSUS and Windows Update”
CheckAlternateDownloadLocation_Explain=“This policy setting allows you to configure Windows Defender to check and install definition updates from Windows Update when a locally managed Windows Server Update Services (WSUS) server is not available.nnWindows Defender checks for defintion updates using the Automatic Updates client. The Automatic Updates client can be configured to check the public Windows Update Web site or a locally managed WSUS server. When a computer is not able to connect to an internal WSUS server, such as when a portable computer is roaming outside of the corporate network, Windows Defender can be configured to also check Windows Update to ensure definition updates are delivered to these roaming machines.nnIf you enable or do not configure this policy setting, by default Windows Defender will check for definition updates from Windows Update, if connections to a locally managed WSUS server fail.nnIf you disable this policy setting, Windows Defender will check for definition updates only on a locally managed WSUS server, if the Automatic Updates client is so configured.nn”
WindowsXP=“Microsoft Windows XP or later”
GPOnly=“Unsupported Administrative Templates”
GPOnlyPolicy=“EZ_GPO.adm”
EZ_GPO=“EZ GPO by the Environmental Protection Agency”
MONITOR_PM=“PC Power Management”
BASE_CFG=“Base Options”
BASE_CFG_EXP=“These are the base configuration settings for the program to function. You should enable this and choose all of the defaults unless you are sure about what you are doing. See the documentation for more info.”
OPTIONS=“Options”
OPTIONS_EXP=“The first option named Security Bypass (NB: User based only and not found under the Computer Policy hive) directs the tool to bypass the hardcoded restrictions placed on it to change power management settings. See the documentation for more but it is only needed when users are of type user or guest. Note, this is a safety override (like rm ‑f) and does not actually gives users of insufficient rights, the ability to change PM settings. The second option, Force Standby, overrides the default behavior of the tool which enables system standby on machines capable of S3 (ACPI ver.2) or better. Enabling this option will allow the tool to set standby on earlier ACPI and APM2 capable machines. This could be useful for non Intel or laptop heavy environments since standby worked better on non S3 capable laptops as opposed to desktops.
SettingsSchemeSimpleIndex=“Simple Settings Scheme”
SETTINGS_SCHEME_SIMPLE=“Simple Scheme”
SETTINGS_SCHEME_SIMPLE_EXP=“This is the most basic Settings Scheme available. Each setting can be set to a range of 0–300 minutes where 0 = ‘Never’. NB: Hibernation should be higher than System Standby or set to 0. It should never be equal to System Standby.”[/xml]

Источник

Applies To: Windows Server 2003 (see admx/adml for higher version of windows servers)

This section includes a complete reference guide for using the .adm language to create policy settings.

Each .adm file can contain zero or more policy settings, and each policy setting in turn can contain zero or more parts. The .adm language includes the following components:

Comments
Strings
CLASS
CATEGORY
POLICY
PART
ITEMLIST
ACTIONLIST

.Adm File Language Versions

You can specify that any part of your .adm file be evaluated only in specific versions of the Group Policy editing tools. Table 5 lists the versions of the Group Policy editing tools.

Table 5 Versions of Group Policy Editing Tools

Operating System(s)	Version	Type
Windows XP SP2	5.0	Group Policy
Windows Server 2003 and Windows XP	4.0	Group Policy
Windows Server 2000	3.0	Group Policy
Windows NT® 3.x and 4.x	2.0	System Policy
Windows 95	1.0	System Policy

Comments

You can use two methods to add comments to an .adm file. You can precede the comment either with a semicolon (;) or with two forward slashes (//). You can place comments at the end of any valid line.

Strings

To add strings to an .adm file, precede the text with two exclamation points (!!). At the end of the .adm file, all strings must be defined in the [strings] section. The strings must be enclosed in quotation marks (“). Optionally, you can enclose a variable name or hard-coded string in quotation marks.

Example

POLICY 34]!!LimitSize 
   EXPLAIN!!LimitSize_Explain   ; This string is stored in the strings section 
   TIP1 "Limit Profile Size to"   ; This string is hard coded 
 
[strings] 
LimitSize="Limit profile size" 
LimitSize_Explain="Limits the size of user profiles"

Best Practice

Place all strings in the [strings] section of the .adm file. This facilitates conversion of the .adm file to other languages (that is, for localization), as you only need to modify the [strings] section of an .adm file to port it to different languages.

CLASS

This component defines where your policy setting is displayed in the Group Policy Object Editor.

The first entry in the .adm file is the keyword CLASS. This specifies whether the subsequent entries should be displayed under theComputer Configuration or User Configuration node of Group Policy Object Editor.

Syntax

The CLASS syntax is as follows:

Name

This defines the name of the CLASS, which must be MACHINE or USER.

If the .adm file contains a CLASS other than the valid classes (MACHINE or USER), the errors are ignored when loaded in Group Policy Object Editor.

Example

The following examples illustrate the use of the CLASS component.

Note
You can define multiple CLASS USER or CLASS MACHINE sections in an .adm file. When the file is processed, all the CLASS USER sections are merged, and all CLASS MACHINE sections are merged. However, for ease of ongoing .adm file management, it is recommended that you define CLASS USER or CLASS MACHINE once.

Note
You can create child nodes by nesting a CATEGORY within another CATEGORY.

Note
If you have a CATEGORY defined with a default KEYNAME in it, and the same category is found again later in the .adm file, that same default KEYNAME is still in effect. This means that you can get an error message about KEYNAME being defined twice, when it was actually just defined in the same category earlier. To remove the error condition, remove the duplicate category entry.

POLICY

To identify a policy setting that the user can modify, use the keyword POLICY. The policy and its associated controls are displayed in a dialog box that administrators use to set the state of the policy. You can use multiple POLICY key names under one KEYNAME.

The following examples illustrate the syntax of POLICY.

Syntax

POLICY name 
   [KEYNAME key name] 
   [EXPLAIN help string] 
   [VALUENAME value name] 
   [CLIENTEXT guid] 
   [part definition statements] 
END POLICY

name

The name of the policy as it should be displayed in the Group Policy Object Editor namespace.

key name

This is an optional path to the registry key to use for the category. Do not include HKEY_LOCAL_MACHINE orHKEY_CURRENT_USER in the registry path as the preceding CLASS statement determines which of these keys is used.

If you specify a key name, all PART definition statements will use this key name unless they specifically provide a key name of their own.

help string

The Help string is the text displayed in the Explain tab of the dialog box for the policy setting.

value name

Value name is the registry value to modify. Selecting this option sets the value as a REG_DWORD of 1. Clearing the option removes the registry value. To specify values other than the default values, use the VALUEON and VALUEOFF statements directly following the corresponding VALUENAME statement. These statements are specified as follows:

VALUEON on value 
VALUEOFF off value

When you use these statements, the behavior is modified such that if the administrator selects the option, the value is set to on value. If the administrator clears the option, the value is set to off value.

guid

This is an optional value that specifies the globally unique identifier (GUID) of the snap-in extension.

part definition statements

A policy can contain zero or more PART statements to specify various options, including drop-down list boxes, text boxes, and text in the lower pane of the Group Policy Object Editor.

POLICY Example

CLASS MACHINE 
 
CATEGORY!!DiskQuota 
 
   KEYNAME "Software\Policies\MS\DiskQuota" 
 
   POLICY!!DQ_Enable 
      EXPLAIN !!DQ_Enable_Help 
      VALUENAME "Enable" 
         VALUEON  NUMERIC 1 
         VALUEOFF NUMERIC 0 
      CLIENTEXT {3610eda5-77ef-11d2-8dc} 
 
      PART!!DQ_EnableTip1    TEXT     
      END PART 
   END POLICY 
 
END CATEGORY 
 
[strings] 
DiskQuota="Disk Quotas" 
DQ_Enable="Enable disk quotas" 
DQ_Enable_Help="Enables and disables disk quota management" 
DQ_EnableTip1="Enable disk quotas for all NTFS volumes"

POLICY Keywords

The valid keywords for POLICY are:

KEYNAME
PART
VALUENAME
VALUEON
VALUEOFF
ACTIONLISTON
ACTIONLISTOFF
END
HELP
CLIENTEXT
POLICY

PART

Use PART to specify various options, such as drop-down list boxes, text boxes, and text in the lower pane of Group Policy Object Editor.

For a simple policy where you only need to set a registry key to either 1 or 0, you do not need to use PART. PART allows a richer system administrator experience, and collects more information from the administrator through simple controls.

Syntax

PART name part-type type-dependent data 
  [KEYNAME key name] 
  [VALUENAME value name] 
END PART

name

Specifies the PART name as it should appear in Group Policy Object Editor. You can enclose it in quotation marks (“). Names with spaces must be enclosed in quotation marks (“).

part-type

A policy PART type. Table 6 lists the valid types for POLICY.

Table 6 Policy PART Types

Type	Description
CHECKBOX	Displays a check box. The value is set in the registry with the REG_DWORD type. The value is other than zero if the check box is selected and zero if it is not selected.
COMBOBOX	Displays a combo box.
DROPDOWNLIST	Displays a combo box with a drop-down list style. The user may choose only one of the entries supplied.
LISTBOX	Displays a list box with Add and Remove buttons. This is the only PART type that can be used to manage multiple values under one key.
EDITTEXT	Displays a text box that accepts alphanumeric text. The text is set in the registry with either the REG_SZ or the REG_EXPAND_SZ type.
TEXT	Displays a line of static text. There is no associated registry value with this PART type.
NUMERIC	Displays a text box with an optional spin control that accepts a numeric value. The value is set in the registry with the REG_DWORD type.

type-dependent data

This is information about the PART.

key name

This is an optional path to the registry key to use. Do not include HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER in the registry path as the preceding CLASS statement determines which of these keys is used.

If no key name is specified, the previous key name in the hierarchy is used.

value name

The value name indicates the registry value to modify. Selecting this option sets the value to a REG_DWORD of 1, and clearing the option removes the registry value. If you want to specify values other than the default values, use the VALUEON and VALUEOFFstatements directly following the corresponding VALUENAME statement. You specify these statements as follows:

VALUEON on value 
VALUEOFF off value

Keywords

The valid keywords for PART are:

CHECKBOX
TEXT
EDITTEXT
NUMERIC
COMBOBOX
DROPDOWNLIST
LISTBOX
END
CLIENTEXT
PART

Using PART Types to Add Controls to the User Interface

Using the valid keywords along with the PART component allows you to add text and various user interface controls to the properties page of the policy.

Because much of the syntax is related, the next section presents a task-based approach to writing the syntax for these PART types used to create the user interface elements above.

Using the different PART types, you can add text and controls to enhance a policy setting. These types need to be used with thePART component as previously defined.

CHECKBOX PART Type

This PART type displays a check box on the Property page of a policy setting. The value is set in the registry with the REG_DWORD type. The default behavior is as follows:

By default the check box is not selected.
A check box writes the value 1 to the registry if it is selected and 0 if it is not selected.

Syntax

PART text CHECKBOX 
   VALUENAME value name  
END PART

text

This represents the text to be displayed on the right of the check box that you are creating. You can hard code it and enclose it in quotation marks (“) or you can make the string a variable by putting !! in front of the variable name.

value name

Indicates the registry value to which the selected value will be written. Selecting the option sets the value as a REG_DWORD of 1. Clearing the option removes the registry value. To specify values other than the default values, use the VALUEON and VALUEOFFstatements directly following the corresponding VALUENAME statement. These statements are specified as follows:

VALUEON on value 
VALUEOFF off value

To override the default behavior:

To have the check box selected by default use DEFCHECKED. In the preceding sample, the syntax would be:

PART !!SampleChkBox_NotChked CHECKBOX 
         DEFCHECKED 
           VALUENAME "test1" 
    END PART

You can use VALUEON and VALUEOFF. This example accomplishes the following::

Writes the string “Enabled” to the registry when the check box is selected.

Writes a numeric value of 12 when the check box is not selected.

PART !!SampleChkBox_NotChked CHECKBOX 
     VALUENAME "test1" 
     VALUEON "Enabled"  
     VALUEOFF NUMERIC 12    
   END PART

To modify more than one registry key, use an ACTIONLIST.

The valid keywords for CHECKBOX are:

KEYNAME
VALUENAME
VALUEON
VALUEOFF
ACTIONLISTON
ACTIONLISTOFF
DEFCHECKED
CLIENTEXT
END

TEXT PART Type

The PART type TEXT can be used to display text on the Property page of a policy setting. Text uses the following syntax.

text

Text that is to be displayed is entered here. You can hard code it and enclose it in quotation marks (“), or you can make the string a variable by putting !! before the variable name.

The following example illustrates the use of TEXT. The Disable Active Desktop policy deactivates Active Desktop and prevents users from enabling or disabling Active Desktop, or from modifying the configuration.

TEXT Example

POLICY !!NoActiveDesktop 
 
   KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" 
   EXPLAIN!!NoActiveDesktop_Help 
     VALUENAME "NoActiveDesktop" 
 
     PART !!NoActiveDesktop_Tip    TEXT     
     END PART 
 
END POLICY

The valid keyword for TEXT is END.

EDITTEXT PART Type

The EDITTEXT option allows the user to input alphanumeric text into an edit field. The text is set in the registry with the REG_SZ type.

Syntax

PART !!text EDITTEXT 
   VALUENAME value name 
END PART

text

Text to be displayed is entered here. You can hard code it and enclose it in quotation marks (“) or you can make the string a variable by putting two explanation points (!!) before the variable name. This text is displayed on the left side of the edit box.

value name

The value name indicates the registry value to which the users input entered in the Edit Text box will be written.

Table 7 lists the options for EDITTEXT.

Table 7 Options for EDITTEXT

Option	Description
DEFAULT value	Specifies the initial string to place in the edit field. If this option is not specified, the field is initially empty.
MAXLEN value	Specifies the maximum length of a string. The string in the edit field is limited to this length.
REQUIRED	Specifies that the Group Policy Object Editor does not allow a policy containing this PART to be enabled, unless a value has been entered for this PART.
OEMCONVERT	Sets the ES_OEMCONVERT style in the edit field so that typed text is mapped from ASCII to OEM and back. ES_OEMCONVERT converts text entered in the edit control. The text is converted from the Windows character set (ASCII) to the OEM character set and then back to the Windows set. This ensures proper character conversion when the application calls the CharToOem <JavaScript:hhobj_1.Click()> function to convert an ASCII string in the edit control to OEM characters. This style is most useful for edit controls that contain file names.
EXPANDABLETEXT	Specifies that the text is set in the registry with the REG_EXPAND_SZ type. By default, the text is set in the registry with the REG_SZ type

The valid keywords for EDITTEXT are:

KEYNAME
VALUENAME
DEFAULT
REQUIRED
MAXLENGTH
OEMCONVERT
END
EXPANDABLETEXT
CLIENTEXT

EDITTEXT Example

An example of use of the PART component with EDITTEXT and TEXT follows:

CLASS USER 
CATEGORY !!DesktopLockDown 
 
  KEYNAME "Software\Policies\System" 
   POLICY !!Wallpaper    
    EXPLAIN !!Wallpaper_Explain 
 
     PART !!Wallpaper_Tip1       TEXT 
     END PART 
 
     PART !!Wallpaper_Filename   EDITTEXT 
        VALUENAME Wallpaper 
        MAXLEN 60 
     END PART 
 
   END POLICY 
 
END CATEGORY 
 
[strings] 
DesktopLockDown="Desktop Settings" 
Wallpaper="Desktop Wallpaper" 
Wallpaper_Explain="Used to set the desktop wallpaper" 
Wallpaper_FileName="Filename" 
Wallpaper_Tip1="Specify UNC Path for selected wallpaper"

In the preceding example, the text entered into the edit field is written to the registry keyHKEY_CURRENT_USER\Software\Policies\System\Wallpaper. The text can be a maximum of 60 characters.

When this policy setting is Not Configured or Disabled, this key is not written.

EXPANDABLETEXT Example

The following example writes a value to registry with data type REG_EXPAND_SZ.

For example:

PART!!MyVariable    EDITTEXT EXPANDABLETEXT 
VALUENAME ValueToBeChanged 
END PART

REQUIRED Example

The following example generates an error if the user does not enter a value when required.

PART!!MyVariable    EDITTEXT REQUIRED 
  VALUENAME ValueToBeChanged 
END PART

MAXLEN Example

The following example specifies the maximum length of text.

PART!!MyVariable    EDITTEXT 
  VALUENAME ValueToBeChanged 
  MAXLEN 4 
END PART

DEFAULT Example

The following example specifies a default value. This can be used for text or numeric data.

PART!!MyVariable    EDITTEXT 
  DEFAULT !!MySampleText 
  VALUENAME ValueToBeChanged 
END PART

NUMERIC PART Type

Displays an edit field with an optional spinner control (an up-down control) that accepts a numeric value.

NUMERIC Syntax

PART text NUMERIC  
   VALUENAME value name  
   MIN value  
   MAX value 
   DEFAULT value 
   SPIN value  
END PART

text

This represents the text to be displayed on the right of the spin control that you are creating. You can hard code it and enclose it in quotation marks (“) or you can make the string a variable by putting !! before the variable name.

value name

Indicates the registry value to which the selected value will be written.

NUMERIC Default Behavior

The default behavior for the NUMERIC PART type is as follows:

The value is set in the registry as a REG_DWORD type.
You can optionally have the value written as a REG_SZ type by using the TXTCONVERT keyword.

Table 8 shows the options for the NUMERIC type.

Table 8 Options for NUMERIC

Option	Description
DEFAULT value	Specifies the initial numeric value for the edit field. If this option is not specified, the field is initially empty.
MAX value	Specifies the maximum value for the number. The default value is 9999.
MIN value	Specifies the minimum value for the number. The default value is 0.
REQUIRED	Specifies that the Group Policy Object Editor does not allow a policy containing this PART to be enabled unless a value has been entered for this PART.
SPIN value	Specifies increments to use for the spinner control. The default is SPIN 1. SPIN 0 removes the spinner control.
TXTCONVERT	Writes values as REG_SZ strings (“1”, “2”, or “128”) rather than as binary values.

The valid keywords for NUMERIC are:

KEYNAME
VALUENAME
MIN
MAX
SPIN
DEFAULT
REQUIRED
TXTCONVERT
END
CLIENTEXT

Examples of NUMERIC Use

The following example illustrates use of the NUMERIC PART type using the DEFAULT option.

PART!!MyVariable    NUMERIC 
  DEFAULT 5 
  VALUENAME ValueToBeChanged 
END PART

The following example illustrates use of the minimum and maximum valid values for a variable.

PART!!MyVariable    NUMERIC 
  MIN 100 
  MAX 999 
  DEFAULT 55 
  VALUENAME ValueToBeChanged 
END PART

The following example illustrates use of the NUMERIC PART type using SPIN. In this case, increments of 100 are used for the spin control.

PART !!ProfileSize    NUMERIC REQUIRED SPIN 100 
 
        VALUENAME "MaxProfileSize" 
        DEFAULT 30000 
        MAX     30000 
        MIN     300 
END PART

The following example illustrates use of the NUMERIC PART type using the TXTCONVERT option, which writes values as REG_SZstrings (such as “60”) instead of binary values.

PART !!ScreenSaverTimeOutFreqSpin    NUMERIC DEFAULT 900 
 
        MIN 0 MAX 599940 SPIN 60 
        TXTCONVERT 
        VALUENAME "ScreenSaveTimeOut" 
END PART

COMBOBOX PART Type

This PART type displays a combo box. It accepts the same options as EDITTEXT, as well as the SUGGESTIONS option, which begins a list of suggestions to be placed in the drop-down list. SUGGESTIONS are separated with spaces and must be enclosed in quotation marks (“) when a value includes spaces. If a suggestion name includes white space, it must be enclosed in quotation marks. The list ends with END SUGGESTIONS.

Example

The following example illustrates the use of the SUGGESTIONS option.

SUGGESTIONS 
  Alaska Alabama Mississippi "New York" 
END SUGGESTIONS

Keywords

The valid keywords for COMBOBOX are:

KEYNAME
VALUENAME
DEFAULT
SUGGESTIONS
REQUIRED
MAXLENGTH
OEMCONVERT
END
NOSORT
EXPANDABLETEXT
CLIENTEXT
END

DROPDOWNLIST PART Type

Displays a combo box with a drop-down list style. The user may choose only one of the entries supplied.

Note
GPMC requires that you define the key name and value name before you specify DROPDOWNLIST.

DROPDOWNLIST Syntax

DROPDOWNLIST uses the following syntax.

PART !!text DROPDOWNLIST  
   ITEMLIST 
     NAME name VALUE value 
     .. 
     NAME name VALUE value  
   END ITEMLIST 
END PART

text

name

This is text that will be displayed in the drop-down list for a particular item.

value

The value to be written to the specified registry key if this item is selected. Values are assumed to be strings, unless they are preceded by NUMERIC. The following example shows both string and numeric values:

VALUE "Some value"  
VALUE NUMERIC 1

The valid keywords for DROPDOWNLIST are:

KEYNAME
VALUENAME
REQUIRED
ITEMLIST
END
NOSORT
CLIENTEXT

LISTBOX PART Type

The LISTBOX PART component specifies various options such as drop-down list boxes, text boxes, and text in the lower pane of the Group Policy Object Editor. LISTBOX accepts the options shown in Table 9.

Table 9 LISTBOX Options

LISTBOX Option	Description
ADDITIVE	By default, the content of list boxes overrides any values set in the target registry. This means that a control value is inserted in the policy file that causes existing values to be deleted before the values set in the policy file are merged. If this option is specified, existing values are not deleted, and the values set in the list box is in addition to whatever values exist in the target registry.
EXPLICITVALUE	This option makes the user specify the value data and the value name. The list box shows two columns, one for the name and one for the data. This option cannot be used with the VALUEPREFIX option.
VALUEPREFIX prefix	The prefix you specify is used in determining value names. If a prefix is specified, the prefix and an incremented integer are used, instead of the default value naming scheme described previously. For example, a prefix of “SampleName” generates the value names “SampleName1”, “SampleName2”, and so on. The prefix can be empty (“”), which causes the value names to be “1”, “2”, and so on.

By default, only one column appears in the list box, and for each entry a value is created whose name and value are the same. For instance, a “name” entry in the list box creates a value called “name” that contains data called “name”. When using a LISTBOX, use the ADDITIVE keyword unless you have a specific reason not to do so.

The valid keywords for LISTBOX are:

KEYNAME
VALUEPREFIX
ADDITIVE
NOSORT
EXPLICITVALUE
EXPANDABLETEXT
END
CLIENTEXT

Note
Windows XP SP2 fixed issues relating to the LISTBOX ADDITIVE functionality. For more information, see the “Changes to LISTBOX ADDITIVE” section in this document.

ACTIONLIST

You can use an action list to specify a set of arbitrary registry changes to make in response to a control being set to a particular state.

Syntax

The ACTIONLIST syntax is as follows:

ACTIONLIST 
[KEYNAME key name] 
VALUENAME value name  
VALUE value  
END ACTIONLIST

key name

This is an optional path to the registry key. Do not include HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER in the registry path as the preceding CLASS statement determines which of these keys is used. If no key name is specified, the previous key name in the hierarchy is used.

value name

Indicates the registry value to modify. Selecting this option sets the value to a REG_DWORD of 1, and clearing the option removes the registry value. If you want to specify values other than the default values, use the VALUEON and VALUEOFF statements directly following the corresponding VALUENAME statement. You specify these statements as follows:

VALUEON on value  
VALUEOFF off value

value

Values are treated as strings unless they are preceded by NUMERIC, as in the following examples:

VALUE "Some value"  
VALUE NUMERIC 1

If VALUE is followed by DELETE (for example, VALUE DELETE), the registry entry is deleted.

Table 10 lists the two variants for ACTIONLIST that can be used with POLICY and CHECKBOX.

Table 10 Variants for ACTIONLIST

Variant	Description
ACTIONLISTON	Specifies an optional action list to be used if the check box is selected.
ACTIONLISTOFF	Specifies an optional action list to be used if the check box is not selected.

ACTIONLIST Example

The following example illustrates the use of ACTIONLISTON and ACTIONLISTOFF.

POLICY  "Deny connections requests" 
    EXPLAIN "If enabled, TS will stop accepting connections" 
    ACTIONLISTON 
       VALUENAME "fDenyTSConnections"    VALUE NUMERIC 1 
    END ACTIONLISTON 
    ACTIONLISTOFF 
       VALUENAME "fDenyTSConnections"    VALUE NUMERIC 0 
    END ACTIONLISTOFF 
END POLICY

Additional Elements

The .adm language supports the following elements:

KEYNAME

The KEYNAME keyword is used within a CATEGORY to define which key within the registry is modified as a result of an action here.KEYNAME should be followed by the registry path to the key that contains the value that you want to change. Do not includeHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER in the registry path as the preceding CLASS statement determines which of these keys is used.

If the KEYNAME contains a space, you must enclose the string in quotation marks (“).

VALUENAME

Defines the options available within a POLICY. First identify the registry value that is to be modified as a result of using the keywordVALUENAME. For example, VALUENAME MyFirstValue.

The following example illustrates the use of VALUENAME. The Disable Boot / Shutdown / Logon / Logoff status messages policy prevents the display of system status messages.

POLICY!!DisableStatusMessages 
    KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\System" 
       EXPLAIN!!DisableStatusMessages_Help 
       VALUENAME "DisableStatusMessages" 
END POLICY

Unless you specify otherwise, the value is written in the following format when the user checks or clears the option:

Checked. Uses a REG_DWORD type with a value of 1.
Cleared. Removes the value.

You can specify options other than these defaults by using VALUEOFF and VALUEON. If the option is to be selected within the lower pane of the Group Policy Object Editor, the VALUENAME needs to be within a PART scope.

CLIENTEXT

The CLIENTEXT keyword is used to specify which client-side extension to the Group Policy Object Editor needs to process the particular settings on the client computer. By default, the registry extension processes all settings configured under the Administrative Templates node. The CLIENTEXT keyword changes the default behavior and causes the specified extension to process these settings after the registry extension has placed them in the registry.

CLIENTEXT must be used within either the POLICY scope or the PART scope and should follow the VALUENAME statement.

The following example illustrates use of CLIENTEXT.

POLICY !!DQ_Enforce 
 
            #if version >= 4 
                 SUPPORTED !!SUPPORTED_Win2k 
            #endif 
 
            EXPLAIN !!DQ_Enforce_Help 
                 VALUENAME "Enforce" 
                 VALUEON  NUMERIC 1 
            VALUEOFF NUMERIC 0 
            CLIENTEXT {3610eda5-77ef-11d2-8dc5-00c04fa31a66} 
 
        END POLICY

The GUID that follows the CLIENTEXT keyword is the GUID of the client-side extension. The client-side extensions are listed in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT \CurrentVersion\Winlogon\GPExtensions.

VALUEON and VALUEOFF

You can use VALUEON and VALUEOFF to write specific values based on the state of the option. To enable this functionality, you can write the .adm file as described in the following examples:

KEYNAME key name 
   POLICY!!MyPolicy 
     VALUENAME ValueToBeChanged 
     VALUEON "Turned On" VALUEOFF "Turned Off" 
   END POLICY

KEYNAME key name  
   POLICY!!MyPolicy 
     VALUENAME ValueToBeChanged 
     VALUEON 5 VALUEOFF 10 
   END POLICY

Using Simple Policies and Policies with the VALUEOFF and VALUEON Statements

This section presents two examples that illustrate the difference between using the default policy states and specifying VALUEONand VALUEOFF statements. There is a significant difference between the two example policies.

Example 1

In this example, no explicit VALUEON or VALUEOFF statements are used. This means that the Administrative Templates use the default behavior when the user changes the state of this policy.

POLICY!!EnableSlowLinkDetect 
    EXPLAIN !!EnableSlowLinkDetect_Help 
    KEYNAME "Software\Policies\Microsoft\Windows\System" 
    VALUENAME "SlowLinkDetectEnabled" 
END POLICY

Table 11 lists the default behavior.

Table 11 Example 1 Policy Defaults

State	Behavior
Policy setting enabled	A DWORD with the value 1 is written to the registry.
Policy setting disabled	The registry value is deleted.
Policy setting not configured	Nothing is changed in the registry.

Note the policy-disabled state. The value is not written to the registry with the value of 0—instead it is explicitly deleted. This means that a component reading the policy will not find the value in the registry, and will fall back to using the default in the code.

Example 2

In this example, the state values are explicitly defined, so when the user changes the policy, the Administrative Templates use these values.

POLICY!!EnableSlowLinkDetect 
    EXPLAIN!!EnableSlowLinkDetect_Help 
    KEYNAME "Software\Policies\Microsoft\Windows\System" 
    VALUENAME "SlowLinkDetectEnabled" 
        VALUEON NUMERIC 1 
        VALUEOFF NUMERIC 0 
END POLICY

Table 12 lists the behaviors in Example 2.

Table 12 Example 2 Policy Defaults

State	Behavior
Policy setting enabled	A DWORD with the value 1 is written to the registry.
Policy setting disabled	A DWORD with the value 0 is written to the registry.
Policy setting not configured	Nothing is changed in the registry.

EXPLAIN

The EXPLAIN keyword is used to provide online Help text for a specific Group Policy. In Windows 2000, the Properties page for each policy setting includes an Explain tab, which provides details about the policy settings.

Each Group Policy that you create should include one EXPLAIN keyword, followed by at least one space, and then the EXPLAINstring in quotation marks (“) or a reference to the Help string. For example:

POLICY!!Pol_NoConfigCache 
#if VERSION >= 3 
EXPLAIN!!Pol_NoConfigCache_Help 
#endif 
    VALUENAME "NoConfigCache" 
    PART!!Lbl_NoConfigCacheHelp1       TEXT 
END PART 
END POLICY 
       ..... 
 
[Strings] 
Pol_NoConfigCache_Help="Prevents users from changing the automatic  
synchronization behavior at logoff."

In the preceding example, Help is offered for one of the Offline Files options. The EXPLAIN keyword wrapped in the #if VERSIONallows this .adm file to be used with the Windows 2000 Group Policy Object Editor (version 3).

Line Breaks

To start text on a new line or to create a line break, use this syntax:

\n = Starts a new line 
\n\n = Creates a line break

#If Version for Version Comparison

The IF VERSION conditional statement is used to control the display of certain policy settings and features in the Administrative Templates node, based on the version of the Group Policy Object Editor that you are using. IF VERSION allows for part of the .adm files to be conditionally parsed and ignored by earlier versions of the Group Policy Object Editor tool. For example, the SUPPORTED tag is not supported on versions of the Group Policy Object Editor earlier than version 4. For this reason any statement using the SUPPORTED tag should be enclosed by #If Version…#endif.

You can specify that any part of your .adm file be evaluated only in specific versions of the Group Policy editing tools, as shown in Table 5, in the “.Adm File Language Versions” section of this document.

To compare versions, use the following syntax:

#if Version (operator) x 
#endif

The valid operators are listed in Table 13.

Table 13 Valid Operators for the Version Statement Number

Operator	Signifies
> (GT)	Greater than. For example, a > b means a is greater than b.
< (LT)	Less than. For example, a < b means a is less than b.
== (EQ)	Equal. For example, a == b means a is equal to b.
!= (NE)	Not equal.
>= (GTE)	Greater than or equal to. For example, a >= b means a is greater than or equal to b.
<= (LTE)	Less than or equal to. For example, a <= b means a is less than or equal to b.

.Adm File String/Tag Limits

Various restrictions apply to .adm files and settings. Table 14 provides a complete list of these restrictions.

Table 14

File String	Tag Limits
Maximum string length for Explain text	4096
Maximum string length for Category Explain text	255
Maximum string length for EDITTEXT string	1023

Источник

If you’re running a mixed environment where you have Windows Server 2003, 2008 and 2012, can you manage Group Policy in this side-by-side environment?

Yes, but it’s important to note that in Windows Server 2008, Microsoft introduced a central store (to avoid GPO bloating) with ADMX and ADML templates to manage your Group Policy (GP).

Windows Server 2003 (ADM Templates)

Windows Server 2008 and higher (ADMX and ADML Templates)

————————————————————————————————————————–

Question:

Can you run two GP environments side-by-side (ADMX/ADML and ADM) without causing problems, and is this supported (central store and ADM)?

Answer:

Yes, but ADMX template always win if in conflict with ADM.

————————————————————————————————————————–

Question:

If we start using a central store and manage our custom ADM through higher OS level would this jeopardise any configuration on the existing ADM’s?

Answer:

No, this will be fine.

————————————————————————————————————————–

Recommend Approach:

The best recommend approach is to move ADMX and migrate the ADM to ADMX using full armours ADMX migration tool.

XML-based format with Full Armor’s release of the ADMX Migrator tool, which Microsoft has licensed and made available through the Download Center. This tool provides a mechanism to convert your existing ADM files into ADMX format via a simple but effective user interface. This tool can also be used to create ADMX files afresh, which means you now have a way to create ADMX files without needing to understand the underlying ADMX format.

Links:

ADMX Migrator: https://www.microsoft.com/en-us/download/details.aspx?id=15058

Group Policy Team Blog: http://blogs.technet.com/b/grouppolicy/

Источник

Home »
Microsoft Windows Server

Thursday, 20 December 2012

Enabling the Terminal Server feature on Windows Server limits the display of Desktop Wallpapers. This is done to prevent excessive bandwith consumption. In some situations however, you would like to configure a wallpaper to display, for example, your company logo.

Group Policies allow you to set an Active Desktop wallpaper. An Active Desktop wallpaper, unfortunately is heavy on system resources, less secure because it can run web content, and has a higher probability of failures.

Setting a simple, static, Bitmap image as a wallpaper can be done using a centrally managed, custom Administrative Template that is part of a Group Policy Object (GPO). In Windows Server 2003 an Administrative Template takes the form of an .adm file. Below are the contents of such a file.

CLASS USER
 
  CATEGORY "Desktop"
 
    POLICY "Desktop Wallpaper"
      KEYNAME "Control Panel\Desktop"
      EXPLAIN "Configure a Static (Non-Active Desktop) Wallpaper."
      PART "Specify a path to a Bitmap (.bmp) file and configure the wallpaper style." TEXT
      END PART
      PART "Wallpaper Path:" EDITTEXT
        VALUENAME "Wallpaper"
      END PART
      PART "Wallpaper Style:" DROPDOWNLIST REQUIRED
        VALUENAME "WallpaperStyle"
        ITEMLIST
          NAME "Centered" VALUE "0" DEFAULT
          NAME "Tiled" VALUE "1"
          NAME "Stretched" VALUE "2"
        END ITEMLIST
        NOSORT
      END PART

    END POLICY
 
    POLICY "Desktop Background Color"
      KEYNAME "Control Panel\Colors"
      EXPLAIN "Configure the Desktop Background Color."
      PART "Enter RGB values between 0 and 255 seperated by spaces. E.g. 0 0 255 for blue." TEXT
      END PART
      PART "RGB Values:" EDITTEXT
        VALUENAME "Background"
        DEFAULT "0 0 0"
      END PART
    END POLICY

  END CATEGORY

Save the code above in a plain text file with the extention «.adm».

Or download the file here.

Instructions to use this custom policy:

Create a new Group Policy Object (GPO) or open an existing one. Open the GPO in «Group Policy Management» or the «Group Policy Object Editor».
Under «User Configuration» right-click the «Administrative Templates» node.
Click «Add/Remove Templates…».
Click «Add» and browse to the .adm file.
Click «Close».
Important: while the «Administrative Templates» node is selected open the «View» menu and click «Filtering…». Uncheck «Only show policy settings that can be fully managed».

The Desktop Wallpaper and Desktop Background Color settings are now available for configuration under Administrative Templates\Desktop (Path; Style/Position: Centered, Tiled, Stretched; Color). Configure the options as desired and link the GPO to an appropriate OU.

UNC paths are permitted.

Posts

Источник

.Adm File Language Versions

Comments

Strings

Example

Best Practice

CLASS

Syntax

Name

Example

CATEGORY

Syntax

name

key name

policy definition statements

Example

Supported Tag

CATEGORY Keywords

POLICY

Syntax

name

key name

help string

value name

guid

part definition statements

POLICY Example

POLICY Keywords

PART

Syntax

name

part-type

type-dependent data

key name

value name

Keywords

Using PART Types to Add Controls to the User Interface

CHECKBOX PART Type

Syntax

text

value name

TEXT PART Type

text

TEXT Example

EDITTEXT PART Type

Syntax

text

value name

EDITTEXT Example

EXPANDABLETEXT Example

REQUIRED Example

MAXLEN Example

DEFAULT Example

NUMERIC PART Type

NUMERIC Syntax

text

value name

NUMERIC Default Behavior

Examples of NUMERIC Use

COMBOBOX PART Type

Example

Keywords

DROPDOWNLIST PART Type

DROPDOWNLIST Syntax

text

name

value

LISTBOX PART Type

ACTIONLIST

Syntax

key name

value name

value

ACTIONLIST Example

Additional Elements

KEYNAME

VALUENAME

CLIENTEXT

VALUEON and VALUEOFF

Using Simple Policies and Policies with the VALUEOFF and VALUEON Statements

Example 1