1. Structure of an .adm Template
An
.adm template has two functions. The first function is to create the
interface within the GPME for the registry values that you want
configured on users or machines targeted by a GPO. This formatting is
the same for all .adm templates, so you can use existing .adm templates
as a guide. The second function of the .adm template is to format the
registry path, value, and data that will be updated in the target
computer’s registry. Again, this syntax is the same for all .adm
templates and is easy to follow.
Note
Although
the syntax is easy to follow for the registry path in the .adm
template, the path must be accurate to avoid potential corruption of
the registry on the target computer. |
Look
at the following .adm template example. It allows the computer to log
on without any user input by using a predetermined username and
password.
CLASS MACHINE
CATEGORY "Microsoft Custom ADM Entries"
POLICY "Automatic Logon"
KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
PART "Enable Auto Logon? (1=Yes, 0=No)" NUMERIC REQUIRED TXTCONVERT
VALUENAME "AutoAdminLogon"
MIN 0 MAX 1 DEFAULT "0" SPIN 1
END PART
PART "What is the name of the user?" EDITTEXT
VALUENAME "defaultusername"
END PART
PART "What is the user's password?" EDITTEXT
VALUENAME "defaultpassword"
END PART
END POLICY
END CATEGORY
You
can see that the structure of the .adm template is very methodical. If
you look closely at the example, you can see that some rules must be
followed. One such rule is the inclusion of an END syntax for PART,
POLICY, and CATEGORY entries.
Review the structure of the example to evaluate the components that you need to fully understand:
CLASS MACHINE Specifies that the registry HKEY that we are modifying is under HKEY_LOCAL_MACHINE.
CATEGORY
Specifies the name that will be given to the folder that will appear in
the GPME. In our example, it is Microsoft Custom ADM Entries.
POLICY Specifies the name we are giving to the policy that will appear in the GPME. In our example, it is Automatic Logon.
KEYNAME
Specifies the path in the registry where the value that will be
modified exists. Notice that KEYNAME does not include the HKEY name or
the name of the value.
PART Specifies to the GPME that input will be required from the GPO administrator.
EDITTEXT Specifies that a text box will be presented to allow the administrator to type text for the data of the registry value.
VALUENAME
Specifies the exact registry value that is being modified. Notice that
VALUENAME is not the specified data for the registry value (the string
or setting associated with the registry value); rather, it is the name
of the registry value. The data for the registry value will be input
through the GPME.
END PART Indicates to the GPME that the syntax related to this PART is done.
END POLICY Indicates to the GPME that the syntax related to this POLICY is done.
END CATEGORY Indicates to the GPME that the syntax related to this CATEGORY is done.
If you were to create a shell depicting a standard .adm template structure, it would look something like this.
CLASS (GPME and Registry)
CATEGORY (GPME)
KEYNAME (Registry)
POLICY (GPME)
PART (GPME)
VALUENAME (Registry)
To
create your own .adm templates, you must build on this structure and
understand all of the syntax that can be placed in the .adm templates.
We will do this by breaking down the syntax into two categories: the
interface for the GPME and the registry path and value inputs.
