Custom ADM for setting the default value of a registry key (Part 2 of 2)

  • Article

Part 1 of this topic provided two ADM file examples to show how to create and set the default value of a registry key to block or allow cookies for Internet Explorer. In the Part 1 examples, the policy settings allowed or blocked cookies depending on the enabled or disabled state of each policy setting. In some cases, you may want to remove the setting when disabling the policy setting. In this case, you'll discover that you cannot create a custom ADM file to delete a registry key-- only the registry key default value or the valuename.

Part 2 shows how to create a custom ADM file that will delete the default value for a registry key. The registry key, once created, will be left.

Fortunately, Internet Explorer will interpret the registry key without a default value as if it didn't exist in the list of allowed or blocked cookies. If you are adapting these examples to manage a registry key for another windows component or program, please test this before applying these techniques since the behavior may be different.

I'm going to repeat the information about the registry values for the list of blocked and allowed cookies so that you don't have to reread part 1. If you have a great memory, you can skip the next five or so short paragraphs.

 

To handle site-by-site cookies, per-domain cookie decisions are stored under the HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsP3PHistory<domain> key.

The default value of the <domain> key stores the decision value. The possible values for the default value are:

Value

Description

REG_DWORD: 1

Accept all cookies from this site (Allow cookies)

REG_DWORD: 5

Reject all cookies from this site. (Block cookies)

Note: These are the only two expected values. No default value will be treated as if the registry key wasn't configured in the list.

 

Returning to our discussion, in the examples from Part 1, we set the default values using either the VALUEON or VALUEOFF keywords, for a single setting; or the VALUE keyword when working with multiple settings. If, instead of a numeric value, the VALUEON, VALUEOFF, or VALUE keyword is followed by DELETE, the default value is deleted.

For example, I'll modify the first example from Part 1 that blocked cookies from the site, Allowedsite.com when the policy setting was enabled. Instead of allowing all cookies when the policy setting is disabled, I'll change the ADM file to delete the block cookies value. This setting adds the Allowedsite.com registry key, sets the (Default) to 5 when enabled, and deletes the value when disabled. To use this example, copy and save to a file with the .adm extension. Use the add/remove template dialog box to add the file into the Group Policy Editor.

CLASS USER

  CATEGORY "Windows Components"

    CATEGORY "Internet Explorer"

      CATEGORY "Internet Control Panel"

        POLICY !!Block_AllowCookies

          #if version >= 4

            SUPPORTED !!SUPPORTED_IE6

          #endif

          EXPLAIN !!Block_AllowCookies_Help

          KEYNAME "SoftwareMicrosoftWindowsCurrentVersionInternet SettingsP3PHistoryallowedsite.com"

          VALUENAME ""

          VALUEON NUMERIC 5

          VALUEOFF DELETE

        END POLICY

      END CATEGORY;

    END CATEGORY;

  END CATEGORY;

[strings]

Block_AllowCookies="Specify which websites are never allowed to use cookies"

Block_AllowCookies_Help="This preference setting specifies which websites are never allowed to use cookies, regardless of their privacy policy.nnIf you enable this preference setting, the specified website always blocks (numeric 5) the use of cookies.nn If you disable this preference setting, the specified website is removed from the list of websites to allow or block cookies.nnIf you do not configure this preference setting, the registry key and default value will be unchanged."

SUPPORTED_IE6="at least Internet Explorer v6.0"

If you need to set values for multiple sites, you can modify the second example from part 1 in the same way I did for the single website example.

Remember you will need to turn off filtering in order to see this preference setting in the Group Policy Editor:

  1. Right-click the Administrative Templates node.
  2. Click 'view' then click 'filtering'
  3. Clear the check box "Only show policy settings that can be fully managed" and click the OK button.

**And don't forget to test before using any sample in your enterprise.**

 -------------------- Judith Herman, Group Policy Programming Writer  --------------------