,
This tutorial contains step-by-step instructions on how to deploy a registry key using Group Policy to computers in a domain environment.
Sometimes there is a need to add, remove, or edit a registry item on multiple computers in an Active Directory domain environment. In such a case you can create a new Group Policy Object (GPO) with the required registry changes that will be apply on all the domain computers. To perform this task, follow the instructions below.
How to Create, Delete or Update Registry keys on all Domain Computers using GPO.
1. Add, Delete or Modify Registry items with a GPO.
1. On your AD Server, open the Server Manager and then from Tools menu, open the Group Policy Management. *
* Additionally, navigate to Control Panel -> Administrative Tools -> Group Policy Management.
2. Under the ‘Domains’ object, right-click on your domain and select Create a GPO in this domain and Link it here.
3. Type a name for the new GPO (e.g. “Modify_Registry”) and click OK.
4. Now right-click in the new GPO and select Edit.
5. In Group Policy Management Editor window, go to:
-
Computer Configuration > Preferences > Windows Settings > Registry
6. Then right-click at the Registry item and select New > Registry Item.
7. At the ‘New Registry Properties’ window, do the following:
a. At Action drop down menu, choose the type of registry modification action you want to perform:
- Create: To create and deploy a new registry item (Key or Value) in all domain computers (like in this example).*
- Replace: If the registry key already exists, it will delete and recreate the registry key.
- Update (default): To modify a Registry Value that already exists with a different value. (If the Registry value doesn’t exist then it will be created)
- Delete: To remove a Registry item (e.g a Key with all its values and subkeys, or a single Registry Value).
* Note: In this example will show how to create a new registry DWORD value named “FileInfoCacheLifetime” with value data “0” at the following registry location:
- HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanmanServerParameters
b. At Hive select the Hive that you want to modify: eg. HKEY_LOCAL_MACHINE in this example.
c. At Key path click the three dots button
and…
d. … then select the path of the Registry key* you want to modify (create, delete, or update), its registry values.
* Note: If you want to create a new registry key that does not already exist in the selected registry location, select the parent folder in which you want to create the new key, click Select, and then at the end type “” and then the Name of the new registry key that you want to create. **
** Example: To create a new registry key named “TEST1” at the above mentioned registry location in this example, the key path should be:
- HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanmanServerParametersTEST1
e. At Value Name type the name of the Registry Value you want to add/edit or delete in the selected registry location (e.g. “FileInfoCacheLifetime” in this example).
f. Now specify the Value Type of the registry value (e.g. “REG_DWORD” in this example), and then type its Value Data (eg. “0” in this example).
8. When done, click Apply > OK to save your changes.
9. Close the Group Policy Management Editor and restart any domain computer to apply the registry change, or run the “gpupdate /force” command. *
* Note: Repeat steps 6-8 to if you want to add, delete, or update more registry items, using the same GPO.
2. Deploy a REG File using a GPO Script.
If you own a registry (.REG) file exported from another computer and you want to deploy it (import it), on all other computers on your domain, do the following:
1. Use the steps 1-3 above to create a new GPO and then right-click on it a click Edit.
2. In Group Policy Management Editor window, go to:
-
Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown) > Startup.
3. In Startup Properties window:
a. Click the Show Files button…
b. ..and copy the REG file in the disk location* that opens.
eg. \domain-nameSysVoldomain-namePolicies{410CB9F6-E138-410E-9843-6A4C6D7D3CDE}MachineScriptsStartup
4a. Then click the Add button.
4b. At the following window, do the following and then click OK:
-
At Script Name, type: regedit.exe
-
At Script Parameters, type: /s press SPACE and then type the name of the registry file that you want to deploy (e.g. “https://www.wintips.org/s RegistryFile.reg” in this example).
5. Click Apply > OK to save the script.
6. Close the Group Policy Management Editor and restart any domain computer to apply the registry change.
That’s it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.