Viewed 42k times. Improve this question. Dmart Dmart 1 1 gold badge 3 3 silver badges 10 10 bronze badges. Add a comment. Active Oldest Votes. Improve this answer. Helvick Helvick This is interesting info, but I am looking for something I can run remotely.
Is there any way to get at the HKCU hive remotely? Absolutely - you can mount and interact with remote registries but finding the keys you want will take a little work. I've added a link to a blog post that will get you started doing this with Powershell. Kai Kai 2 2 silver badges 7 7 bronze badges. Made the change in the post to output to username. Even better, use a filename that includes both the user name and computer name. Someone using multiple machines may well have different mappings on each.
However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.
For more information about how to back up and restore the registry, see How to back up and restore the registry in Windows. Click Start , point to Run , type regedit , and then click OK.
The registration information includes a sub-key with the client-side extensions unique identifier as the name. Several registry values reside beneath the identifier key. These values are used by the Group Policy infrastructure, but also provide valuable information such as the name of the client side extension in the Default registry value , the binary file that hosts the client-side extension code in the DLLName registry value , and the event source and event log the extension uses to report information, warnings, and errors in the EventSources registry value, separated by a comma, respectively.
When a Group Policy object is configured to include data from a specific client side extension, the editor must include the client-side extension and snap-in unique identifiers as part of the data saved in the Group Policy object. Extensions specific data configured to apply to computers is saved to the gPCMachineExtensionNames attribute of the Group Policy container object.
Extension specific data configured to apply to users is saved to the gPCUserExtensionNames attribute. If extension specific data is configured to apply to both user and computer, then the editor saves the extension identifier and the snap-in identifier to both attributes of the Group Policy container object.
Each identifier group is comprised of an extension identifier followed by one or more snap-in identifiers. The group of identifiers are bracketed accordingly by surrounding both identifiers within square brackets [ ]. The unique identifier grouping must be listed in ascending alphanumeric order. Saving these in any other order prevents Group Policy from correctly applying or prevents you from editing existing extensions specific data within the Group Policy object. Storing the extension identifier and the snap-in identifiers in the Group Policy object provides hints that optimize Group Policy processing and management.
Processing is optimal because the Group Policy infrastructure knows prior to processing which extensions are required to apply the data hosted in the Group Policy object.
Authoring is optimal because the editor has hints to determine what specific snap-ins are needed to edit the data. The Drives. Group Policy Preference configuration files use two XML elements to describe the configuration data: an outer element and an inner element. The outer element serves as a logical container of the inner XML elements.
The inner elements represent the configuration of one or more preference items belonging to the container outer XML element. This element serves as a collection of inner elements where each inner element represents a drive map preference item. The Drives outer element supports two attributes: clsid and disabled. The Drives outer element of the Group Policy Drive Map configuration file contains one required and one optional attribute.
The clsid attribute is a bit unique identifier represented as global unique identifier GUID. The clsid value identifies the type of outer element. This is how the client-side extension identifies and validates the outer-element is of type Drives. The disabled attribute is an optional attribute for the Drives outer element.
The attribute uses a numeric string to represent a Boolean value. A value of 1 indicates true and a value of 0 indicated false.
A Drives outer element with a disabled attribute equaling true indicates the configuration for all inner elements is disabled.
This prevents the Group Policy Drive Map extension from processing any of the inner elements of the configuration file. A disabled attribute equaling false indicates the configuration for all inner elements is enabled and that processing continues as normal. A Drives outer element without a disabled attribute indicates that the outer element has never been disabled.
In this configuration, the default value for the disabled attribute is false, which means the outer element is enabled and processing continues normally. The disabled attribute appears in the configuration the first time the outer element is disabled and remains in the configuration for the remainder configuration files lifetime.
Once in the configuration, the value of the attribute is changed with the respective configuration, but never removed. The Drive outer element accepts one type of inner element. The Drive non-plural inner element represents a single Drive Map preference item. There can be one or more Drive inner elements within the Drives outer element.
Each Drive inner element contains attributes that describe the inner element. These attributes are jointly used by management editors and client side extensions as a way to identify one Drive inner element from the next. Drive inner element attributes do not contain configuration data. The byPassErrors attribute is an optional attribute for the Drive inner element. A value of 1 indicates true and a value of 0 indicates false. One or more Drive inner element are contained within a single Drives outer element, which enables the client-side extension to process one or more preference items.
A Drive inner element with a byPassErrors attribute equally true indicates the Group Policy Drive Map extension should continue processing the next Drive inner element regardless if the result of the current Drives inner element is a failure. A byPassErrors attribute equaling false indicates the extension should stop processing subsequent Drive inner elements if the result of the current Drive inner element is a failure.
A Drive inner element without a byPassErrors attribute indicates that the inner element has never been configured to halt on errors. In this configuration, the default value for the byPassErrors attribute is true, which means the any inner element failure does not halt the processing of subsequent inner elements. The byPassErrors attribute appears in the configuration the first time the inner element is configured to stop on errors. Once in this configuration, the value of the attribute changes with each respective configuration, but never removed.
The changed attribute is an optional attribute for the Drives inner element. The attribute uses a string value to represent the date and time of when the inner element was last modified in UTC. The clsid value identifies the type of inner element. This is how the client-side extension identifies and validates the inner element is of type Drive. The disabled attribute is an optional attribute for the Drive inner element. A Drive inner element with a disabled attribute equaling true indicates the configuration for that inner element is disabled.
This prevents the Group Policy Drive Map extension from processing that inner element in the configuration file. A disabled attribute equaling false indicates the configuration for that inner element is enabled and that processing continues as normal.
A Drive inner element without a disabled attribute indicates that the inner element has never been disabled. In this configuration, the default value for the disabled attribute is false, which means the inner element is enabled and processing continues normally. The disabled attribute appears in the configuration the first time the inner element is disabled and remains in the configuration for the remainder configuration files lifetime.
The image attribute is a numeric string value that represents the index of a bitmap resource used by the Group Policy Management editor as the icon image used to display the preference item in the editor.
The value of the numeric string typically corresponds to the value of the action attribute in the properties element.
The name attribute is a string value that represents the display name of the preference item. The name attribute has no impact on the processing of the preference item and is strictly used for management and reporting. The removePolicy attribute is an optional attribute for the Drive inner element.
A Drive inner element with a removePolicy attribute equaling true indicates the Group Policy Drive Map extension should remove the drive map if the Group Policy object hosting the Drive Map preference item is not within scope of the user.
Once the Group Policy object hosting the Drive map preference item no longer applies to the user, the Group Policy Drive map extension deletes the drive map based on the drive letter criterion. The removePolicy attribute correlates to the value of the action attribute in the Properties element.
A Drive inner element with a removePolicy attribute equals true requires the value of the action attribute of Properties element to equal an uppercase R. A Drive inner element with a removePolicy attribute equaling false indicates the extension should leave existing mapped drives resulting from a Drive Map preference item configured. A Drive inner element without a removePolicy attribute indicates the inner element has been configured to remove when it no longer applies. In this configuration, the default value for the removePolicy attribute is false, which means all map drives resulting from a Drive Map preference item remain configured.
The removePolicy attribute appears in the configuration the first time the inner element is configured to remove items when it no longer applies. Once in this configuration, the value of the attribute changes with each respective configuration, but is never removed. The status attribute is string value that represents a message that the Group Policy Preference editor can display in the status area of the Microsoft Management Console.
The status attribute remains as part of the configuration; however, is no longer being actively implemented. The uid attribute is a bit identifier represented as global unique identifier GUID.
The uid value uniquely identifies each inner element. This is how the client-side extension identifies and differentiates each Drive inner element. The userContext attribute is an optional attribute for the Drive inner element. A Drive inner element with a userContext attribute equaling true indicates the Group Policy Drive Map extension should create the mapped drive using the security context of the current user.
A Drive inner element with a removePolicy attribute equaling false indicates the extension should create the mapped drive using the security context of the local system. A Drive inner element without a userContext attribute indicates the inner element has been manually configured to apply in the security context of the current user. In this configuration, the default value varies on a per-policy basis using the simple guidelines of computer preference items run in the security context of the local system and user preference items run in the security context of the current user.
The userContext attribute appears in the configuration the first time the inner element is manually configured to apply using the security context of the current user. The userContext attribute remains as part of the configuration; however, is no longer being actively implemented. Most of the Group Policy Preference extensions programmatically switch between the current user and system security contexts as needed, irrespective of the userContext attribute value present in the inner element configuration.
The recommended configuration is to leave each preference item to the defaults and to not manually configure the security context of any preference item. Each inner element requires a Properties element in the configuration file. Group Policy Preference extensions read the Properties element for the preference item configuration. The Properties element shares unique and common attributes among all the Group Policy Preferences inner element classes.
The common attributes characterize abstract functionality provided by the inner element classes preference items such as create, delete, or update. However, the implementation of these actions varies across each inner element. The action attribute is an optional, string attribute in the Properties element used to describe the action the Group Policy Drive Map extension performs for the associated inner element.
That action attribute value is a single, uppercase letter of C, R, U, or D. An action attribute value equaling an upper case C instructs the Group Policy Drive Map extension to create a new drive mapping using the settings in the current Drive inner element. The create action has two behaviors based on the value in the useLetter attribute. When the useLetter value equals 1, the create action creates a new drive mapping only when the current user does not have an active drive letter mapped with a value that matches the value configured in the letter attribute.
The newly created drive mapping uses the drive letter value configured in the letter attribute. If the current user has an existing drive mapping using the value configured in the letter attribute then the extension ignores the instruction and does not report error. When the useLetter value equals 0, the create action creates a new drive mapping only when the current user does not have an active drive letter mapped to a file share that matches the value of the path attribute.
The newly created drive mapping uses the first available drive letter starting with letter value configured in the letter attribute. If the current user has an existing drive mapping to a file share that matches the value in the path attribute then the extension ignores the instruction and does not report an error. The create action, after successfully creating the newly mapped drive letter, also sets the drive letters visibility based on the value configured in the thisDrive attribute.
Yes No. Thank you! Any more feedback? The more you tell us the more we can help. Can you help us improve? Resolved my issue. Clear instructions. Easy to follow. No jargon. Pictures helped. Didn't match my screen. Incorrect instructions.
0コメント