On Fri, Jan 2, 2009 at 4:49 PM, David Lum <[email protected]> wrote: > Follow-up: Once you create the GPO, where exactly is it added, and shouldn't > there be some way to duplicate the result w/out having to load the offending > app on the machine running GPMC?
As I recall: GPOs exist as reference(s) to a GUID inside Active Directory, and then as a folder with that GUID for a name, somewhere under the SYSVOL share. Inside the folder are files that describe the GPO settings, along with any ADM files used, and maybe some other files (application deployment, for example, is described in separate files). The reference(s) in AD are how the GPO processing and management code knows to look for the folder and files. It might be possible to tinker with the contents of the GPO files directly, but that I don't know anything about. > I can't cheat and create an .ADM or something, can I? Well, since services exist in the registry, and .ADM files are just a collection of possible registry settings, you prolly could craft an .ADM file to tinker with the service start type. However, it would be "tattooed" to the registry, i.e., removing or overriding the GPO setting would not revert the service to its default state. I think. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
