Custon ADM template in AD

[brian873]

Hi

I am having trouble creating a custom ADM template file that will add some text to the logon prompt in winXP.

So far I have in my ADM file (mysetting.adm)

CLASS MACHINE
CATEGORY !!category
 CATEGORY !!categoryname
  POLICY !!policyname

KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPLAIN !!explaintext
PART !!labeltextlp EDITTEXT
DEFAULT "By logging on you agree to company policy"
VALUENAME "LogonPrompt"

END PART
END POLICY
END CATEGORY
END CATEGORY

[strings]
category="merle Custom Policy Settings"
categoryname="WinLogon Banner"
policyname="LogonPrompt"
explaintext="Add Logon text to the win logon."
labeltextlp="LogonPrompt"

What I am trying to do here is currently achieved via a vbs logon script as shown below. Although this works I would like to get it in to the AD so things are nice and tidy.

On Error Resume Next
Const SUCCESS = 0
Const LogERROR = 1
Const WARNING = 2
Const INFORMATION = 4
Const AUDIT_SUCCESS = 8
Const AUDIT_FAILURE = 16

Dim Path
Set WSHShell = Wscript.CreateObject("WScript.Shell")
Path= "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"
WSHShell.RegWrite path & "LogonPrompt","Stop! This system processes electronic mail classified as Private under the Electronics Communications and Privacy act of 1986.  Law enforcement officers please take note that special warrants may be required to access this system.","REG_SZ"
If err then
	msgbox "Error Encountered"
	WshShell.LogEvent LogERROR, "Logon Prompt Setup Failed"
Else
	msgbox "Logon Prompt Setup Sucessful"
	WshShell.LogEvent INFORMATION, _ 
	"Logon Prompt Setup Was Successful."
End if

Edited October 4, 2006 by brian873

[Ctrl-X]

These settings already exist in Group Policy: Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options; policies "Interactive logon: Message text for users attempting to log on" and "Interactive logon: Message title for users attempting to log on".

[brian873]

thanks ctrl-x, I know about that setting. But the problem with it for me, is it gives you an extra click. If you use the above script it puts the text on the same screen you enter your logon details in.

It is a mod that I really like. I would just liekt o be able to deploy it through a GPO.

Thanks again for your input

[Ctrl-X]

Okay, so what't the problem with your custom ADM file then?

[brian873]

My file as above does not work.

It creates the custom folder structure in the left hand pane of PGO editor computer configuration > administrative templates > WinLogOn

But in the right hand pane there are no settings.

Any help would be appreciated very much

[Ctrl-X]

The setting isn't displayed because the Group Policy console by default only shows "real" policies that can be fully managed. What you are doing is technically not a policy, but a preference. To change this setting right-click the Administrative Templates node, select View / Filtering and uncheck the "Only show policy settings that can be fully managed" setting. To learn more about the difference between policies and preferences, read the Step-by-Step Guide to Understanding the Group Policy Feature Set.

Edited October 5, 2006 by Ctrl-X

[brian873]

Thanks CTRL-X !

I'll have a read up on this.

Thanks agian for your help

hail hail