+ Reply to Thread
Results 1 to 3 of 3

Thread: Adding a registry setting

  1. 10-14-2009, 10:01 AM #1
    araczek
    araczek is offline Getting Started on GPanswers.com
    Join Date
    Oct 2009
    Posts
    7

    Default Adding a registry setting

    Hi-
    I need to diable SSLv2 on all machines. I made the registry setting and exported it. Then I used RegtoADM from NUTS to convert it to an ADM file. I imported the ADM but have trouble with putting in the proper value. To disable SSLv2 you need to put in a dword
    "Enable" and set it to 0 (zero). GPMC will not let me set a zero value so this policy is basically useless.

    FYI native server 2003 domain. Relutant template is below:

    CLASS MACHINE

    CATEGORY "SYSTEM\CurrentControlSet\Control\SecurityProvider s\SCHANNEL\Protocols\SSL 2.0\Server"
    KEYNAME "SYSTEM\CurrentControlSet\Control\SecurityProvider s\SCHANNEL\Protocols\SSL 2.0\Server"

    POLICY "Enabled"
    PART "Enabled"
    NUMERIC
    VALUENAME "Enabled"
    END PART
    END POLICY

    END CATEGORY
    Reply With Quote Reply With Quote
  2. 10-14-2009, 02:32 PM #2
    araczek
    araczek is offline Getting Started on GPanswers.com
    Join Date
    Oct 2009
    Posts
    7

    Default Adding registry setting - more info

    Okay, found problems with RegtoAdm output, this is what I have which still doesn't work, get a syntax error on 'VALUE', or same thing if I try VALUEON NUMERIC 1, VALUEOFF NUMERIC 0 (after valuename)

    CLASS MACHINE

    CATEGORY "SYSTEM\CurrentControlSet\Control\SecurityProv ider s\SCHANNEL\Protocols\SSL 2.0\Server"
    KEYNAME "SYSTEM\CurrentControlSet\Control\SecurityProv ider s\SCHANNEL\Protocols\SSL 2.0\Server"

    POLICY "Enabled"
    PART "Enabled" NUMERIC
    VALUENAME "Enabled"
    VALUE NUMERIC 0
    END PART
    END POLICY

    END CATEGORY
    Reply With Quote Reply With Quote
  3. 10-18-2009, 05:33 AM #3
    robingp
    robingp is offline Getting Started on GPanswers.com
    Join Date
    Dec 1969
    Posts
    5

    Default

    hi araczek,

    don't use regtoadm tool ... it is NUTS <eg> ...

    assuming you really want to set the value mentioned to "0" if "enabled" is chosen the following custom adm template WILL definitely Do the job :-)

    it comes with explain and on / off values ... your sample was still quite wrong formatted :-(

    btw.: to check and generate adm's and amdx's use adm/admx template editor INSTEAD, it's freeware version is readonly, but helps!

    see SysPro Software -> News

    cu rainer



    CLASS MACHINE

    CATEGORY "Template for SSLv2"

    POLICY "Enable SSLv2"
    KEYNAME "SYSTEM\CurrentControlSet\Control\SecurityProvider s\SCHANNEL\Protocols\SSL 2.0\Server"
    EXPLAIN !!SSLv2_Explain
    VALUENAME "Enabled"
    VALUEON NUMERIC 0
    VALUEOFF NUMERIC 1
    PART "Enable Support for SSLv2 for Servers" TEXT END PART
    END POLICY


    END CATEGORY

    [strings]
    SSLv2_Explain="This setting controls the behaviour of SSLv2 for Servers."
    Reply With Quote Reply With Quote
+ Reply to Thread
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


Search Engine Friendly URLs by vBSEO