You use Comments to document the .adm file. A semicolon should precede each comment. Comments can be on a line by themselves or they can follow a component or keyword statement. Comment lines (in black text in the sample .adm file) describe the functionality of the various template sections.
Strings provide shorter, more manageable tags for pieces of text. You define Strings at the end of an .adm file in a [strings] section in the form
stringname="value"
Components and keywords in the main body of the template reference Strings by prefacing them with a pair of exclamation points (!!), as in
!!stringname
The [strings] section (in orange text in the sample .adm file) can get lengthy and difficult to read through, especially when you have strings for long policy explanations, so developing some method for organizing strings will help you when it comes time to edit or troubleshoot your template.
The CLASS component defines whether your GPO will show up under the User Configuration node or the Computer Configuration node in the Group Policy Editor snap-in. The only valid values for CLASS are COMPUTER and USER. In the sample .adm file, the only CLASS statement (in brown text) establishes that this template's settings will apply to the User Configuration node. The CLASS value and node also correlate to the registry subkey in which changes will take place. The USER class targets settings under the HKEY_CURRENT_USER subkey; the COMPUTER class affects settings under HKEY_LOCAL_MACHINE.
The CATEGORY component lets you provide a node name under which your GPO settings will be displayed in the Group Policy Editor snap-in. The CATEGORY node name appears under the Administrative Templates node of the User Configuration or Computer Configuration node. You can nest multiple CATEGORY statements to give more structure to your settings. The first two CATEGORY statements (in purple text in the sample .adm file) establish the uppermost nodes for the WinZip settings. Three subsequent categories (in red, green, and blue text) are found under the two initial nodes. Figure 1 shows how the CATEGORY structure of the sample WinZip template appears in the Group Policy Editor snap-in. You can use the KEYNAME keyword at the CATEGORY level to provide the path to the registry subkey that will be affected by all child categories, policies, and parts unless these items explicitly define a different KEYNAME. The sample template has a KEYNAME for each CATEGORY that applies to every policy within that category. The one exception is the last policy, which required a different KEYNAME than the one specified for the category.
In the POLICY component, you configure the actual changes that the GPO will make. You can use the PART, ITEMLIST, ACTIONLIST, and other keywords to tailor the interface to suit your policy settings.
You can use the PART component to specify objects that make up the user interface for editing the GPO in the Group Policy Editor snap-in, such as text boxes, check boxes, and drop-down list boxes. You use a part-type keyword—CHECKBOX, COMBOBOX, DROPDOWNLIST, LISTBOX, EDITTEXT, TEXT, or NUMERIC—to specify the type of object to be used. The sample .adm template uses several parts. Look in the template for the part-type keywords to see how they're used, and note the results in the Group Policy Editor snap-in. For more information about using these part types, see Appendix A of the developer-oriented white paper "Implementing Registry-Based Group Policy" at http://www.microsoft.com/windows2000/techinfo/howitworks/management/rbppaper.asp.
You use the ITEMLIST component with the DROPDOWNLIST part type to provide a list of valid selections for a given setting. This method enforces the integrity of data entered into the Group Policy Editor snap-in. You can see in the sample .adm template how I used ITEMLIST with DROPDOWNLIST for the OpenLocation policy in the Paths category.
The ACTIONLIST component lets you define one or more registry subkey values according to the state of a control. For example, if you used a DROPDOWNLIST part type, you could follow up with ACTIONLIST statements to define a series of registry subkey values to alter according to which item from the drop-down list is selected.
The sample .adm template uses some additional keywords. For example, most components require an END keyword to function correctly. You'll see this keyword in statements such as END PART and END POLICY. EXPLAIN lets you provide text that describes your GPO and how to use it; the Explain tab displays the text when you edit a GPO. VALUENAME is the actual name of the registry subkey whose value you will alter via the specified GPO. You can use the DEFAULT keyword to provide default values to user-input areas of the GPO. By default, the CHECKBOX part writes a REG_DWORD value of 1 when a box is checked, but WinZip stores settings configured via check boxes as string values. The template uses the VALUEON and VALUEOFF keywords with the check boxbased Wizard and ShowTips policies to interpret the check box state and write appropriately formatted registry values.
Test, Test, Test
After you've completed (or downloaded) a sample .adm file and copied it into the %systemroot%\inf folder, you can start the Group Policy Editor snap-in and load the new template to see how it works. You must be logged on to the computer with an account that has administrator privileges to use the Group Policy Editor snap-in. From the Start menu, select Run, type mmc, and click OK. From the File menu, choose Add/Remove Snap-in, then click Add. Select the Group Policy Editor snap-in and click Add. I recommend that you first try your creation as a local GPO before unleashing it on a production domain. So, for now, leave the default Local Computer selection and click Finish. Close the Add Standalone Snap-in dialog box and click OK in the Add/Remove Snap-in dialog box.
Register
gcd December 08, 2005 (Article Rating: