To get an idea of what an .adm template
looks like, we will review a simple snippet from the System.adm
template. You can look at the entire System.adm template to see what
the code looks like for a complete .adm template.

    CLASS USER
    CATEGORY !!DesktopLockDown
        POLICY !!DisableTaskMgr
            EXPLAIN !!DisableTaskMgr_Explain
            VALUENAME "DisableTaskMgr"
            VALUEON NUMERIC 1
            VALUEOFF NUMERIC 0
            KEYNAME "Software\Policies\System"
        END POLICY
    END CATEGORY

    [strings]
    DisableTaskMgr="Disable Task Manager"
    DisableTaskMgr_Explain="Prevents users from starting Task Manager"
    DesktopLockDown="Desktop Settings"

This policy setting defines the following behavior:
When enabled, this policy setting creates a registry key called DisableTaskMgr
and sets its value to 1. The VALUEON tag implements this behavior.
After this policy is implemented, users cannot start Task Manager.
When disabled, this policy setting creates a registry key called DisableTaskMgr
and sets its value to 0. The VALUEOFF tag implements this behavior.
After this policy is implemented, users can start Task Manager.
In both cases, the DisableTaskMgr
registry key is created below
HKEY_CURRENT_USER\Software\Policies\System in the registry. Note that
the key is created under CLASS USER and not under CLASS MACHINE,
because this is a user policy setting. You will find this policy under
the User Configuration\Administrative Templates\Classic Administrative
Templates\Desktop Settings node within the GPME, as shown in Figure 1.
When set to Not Configured, this policy setting deletes the registry key called DisableTaskMgr.
In this case, users can start Task Manager. Note that this deletion in the
Not Configured case occurs only for a true policy setting, not for a
“preference,” which is stored outside the true policy settings registry
hive.
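
The three states described above can be derived mechanically from the template. The following Python code is an added example, not part of System.adm or any Microsoft tooling: it parses the snippet, resolves the !! string references, and returns the registry change for Enabled, Disabled and Not Configured. The function names, the "leave" action label and the POLICY_ROOTS list are assumptions of this example.

```python
import re
# Constructed input: the page's snippet, indented for readability.
ADM = r'''CLASS USER
CATEGORY !!DesktopLockDown
  POLICY !!DisableTaskMgr
    EXPLAIN !!DisableTaskMgr_Explain
    VALUENAME "DisableTaskMgr"
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    KEYNAME "Software\Policies\System"
  END POLICY
END CATEGORY
[strings]
DisableTaskMgr="Disable Task Manager"
DisableTaskMgr_Explain="Prevents users from starting Task Manager"
DesktopLockDown="Desktop Settings"
'''
HIVES = {"USER": "HKEY_CURRENT_USER", "MACHINE": "HKEY_LOCAL_MACHINE"}
# Assumption (not listed on the page): the standard Group Policy "true policy" key prefixes.
POLICY_ROOTS = ("software\\policies\\", "software\\microsoft\\windows\\currentversion\\policies\\")

def parse_adm(text):  # one dict per POLICY block, !!name references resolved
    body, _, tail = text.partition("[strings]")
    strings = dict(re.findall(r'^\s*(\w+)\s*=\s*"(.*)"\s*$', tail, re.M))
    res = lambda t: strings.get(t[2:], t) if t.startswith("!!") else t.strip('"')
    policies, scope, cur = [], {}, None
    for line in body.splitlines():
        tok = re.findall(r'"[^"]*"|\S+', line)
        kw = tok[0].upper() if tok else ""
        if kw in ("CLASS", "CATEGORY"):
            scope[kw.lower()] = res(tok[1])
        elif kw == "POLICY":
            cur = dict(scope, name=res(tok[1]))
        elif kw == "END" and tok[-1].upper() == "POLICY":
            policies.append(cur)
            cur = None
        elif cur and kw in ("KEYNAME", "VALUENAME", "EXPLAIN"):
            cur[kw.lower()] = res(tok[1])
        elif cur and kw in ("VALUEON", "VALUEOFF"):
            cur[kw.lower()] = int(tok[2])  # only NUMERIC values handled
    return policies

def registry_action(p, state):  # -> (action, key path, value name, data)
    path = HIVES[p["class"].upper()] + "\\" + p["keyname"]
    if state == "Not Configured":  # removal applies only under the policy keys
        true_policy = (p["keyname"].lower() + "\\").startswith(POLICY_ROOTS)
        return ("delete" if true_policy else "leave", path, p["valuename"], None)
    data = p["valueon"] if state == "Enabled" else p["valueoff"]
    return ("set", path, p["valuename"], data)
```

Changing the keyname of the parsed policy to a path outside the policy prefixes makes the Not Configured action come back as "leave", which is the preference case noted above.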