Setting Default Registry Key Values using Custom ADM Files (Part 1 of 2)

I’d like to give a big shout out to Sean Gallinetti for providing the custom ADM example files.

 

One use of creating and setting the default value of a registry key is creating the list of blocked and allowed cookies to configure the per site privacy actions for the Internet Explorer options. The per site privacy actions can be configured through the Internet Explorer UI. You can navigate to this dialog box from the Internet Options dialog:

1. From the Internet Options dialog click the Privacy tab.

2. Click the Sites button.

 

To handle site-by-site cookies, per-domain cookie decisions are stored under the HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsP3PHistory<domain> key.

 

The default value of the <domain> key stores the decision value. The possible values for the default value are:

 

Value Description

REG_DWORD: 1 Accept all cookies from this site. (Allow cookies)

REG_DWORD: 5 Reject all cookies from this site. (Block cookies)

 

When adding the key through an ADM file, use the following line to add or modify the (Default) value of the <domain> key:

 

VALUENAME ""

 

Remember to add the NUMERIC keyword to that statement that sets the actual value. This will cause the default value to be created as a DWORD instead of a SZ value.

 

Now, let’s look at two examples for creating these custom ADM files. These assume the policy setting will set the default value to accept all cookies when enabled, set the default value to reject all cookies when disabled and leave the value unchanged when set to not configured.

 

For example, the following sample ADM file adds an option to allow or block

cookies from the site, Allowedsite.com. This setting adds the Allowedsite.com registry key, sets the (Default) to 0 or 5, and adds no other values to that key.

 

CLASS USER

  CATEGORY "Windows Components"

    CATEGORY "Internet Explorer"

      CATEGORY "Internet Control Panel"

        POLICY !!Block_AllowCookies

          #if version >= 4

            SUPPORTED !!SUPPORTED_IE6

          #endif

          EXPLAIN !!Block_AllowCookies_Help

          KEYNAME "SoftwareMicrosoftWindowsCurrentVersionInternet SettingsP3PHistoryallowedsite.com"

          VALUENAME ""

          VALUEON NUMERIC 1

          VALUEOFF NUMERIC 5

        END POLICY

      END CATEGORY;

    END CATEGORY;

  END CATEGORY;

[strings]

Block_AllowCookies="Specify which websites are always or never allowed to use cookies"

Block_AllowCookies_Help="This preference setting specifies which websites are always or never allowed to use cookies, regardless of their privacy policy.nnIf you enable this preference setting, the specified website is always allowed (numeric 1) the use of cookies.nn If you disable this preference setting, the specified website is never allowed (numeric 5) the use of cookies.nnIf you do not configure this preference setting, the default value will not change."

SUPPORTED_IE6="at least Internet Explorer v6.0"

 

The next sample ADM file allows multiple sites to be allowed or blocked

in one setting:

 

CLASS USER

  CATEGORY "Windows Components"

    CATEGORY "Internet Explorer"

      CATEGORY "Internet Control Panel"

        Category "Allowed / Blocked Cookies"

        POLICY !!Block_AllowCookies

          #if version >= 4

            SUPPORTED !!SUPPORTED_IE6

          #endif

          KEYNAME "SoftwareMicrosoftWindowsCurrentVersionInternet SettingsP3PHistory"

          EXPLAIN !!Block_AllowCookies_Help

          ACTIONLISTON

            KEYNAME "SoftwareMicrosoftWindowsCurrentVersionInternet SettingsP3PHistorysiteone.com"

            VALUENAME ""

            VALUE NUMERIC 1

            KEYNAME "SoftwareMicrosoftWindowsCurrentVersionInternet SettingsP3PHistorysitetwo.com"

            VALUENAME ""

            VALUE NUMERIC 1

          END ACTIONLISTON

          ACTIONLISTOFF

            KEYNAME "SoftwareMicrosoftWindowsCurrentVersionInternet SettingsP3PHistorysiteone.com"

            VALUENAME ""

            VALUE NUMERIC 5

            KEYNAME "SoftwareMicrosoftWindowsCurrentVersionInternet SettingsP3PHistorysitetwo.com"

            VALUENAME ""

            VALUE NUMERIC 5

  END ACTIONLISTOFF

        END POLICY

      END CATEGORY;

    END CATEGORY;

  END CATEGORY;

  END CATEGORY;

[strings]

Block_AllowCookies="Specify which websites are always or never allowed to use cookies"

Block_AllowCookies_Help="This preference setting specifies which websites are always or never allowed to use cookies, regardless of their privacy policy.nnIf you enable this preference setting, the specified website is always allowed (numeric 1) the use of cookies.nn If you disable this preference setting, the specified website is never allowed (numeric 5) the use of cookies.nnIf you do not configure this preference setting, default value will not change."

SUPPORTED_IE6="at least Internet Explorer v6.0"

 

Here are a few reminders to finish off this blog.

 

· To use these examples, copy and save to a file with the .adm extension. Use the add/remove template dialog box to add the file into the Group Policy Editor.

· Remember you will need to turn off filtering in order to see this preference setting in the Group Policy Editor:

1. Right-click the Administrative Templates node.

2. Click ‘view’ then click ‘filtering’

3. Clear the check box “Only show policy settings that can be fully managed” and click the OK button.

· As with all samples, test before using in your enterprise.

 

Stay tuned for part 2—Removing default values. -- Judith Herman, Programming Writer