So I need to write a registry key, and I want to do it with a GPO.
I configure my GPO with no issues at
Computer Configuration > Preferences > Windows Settings > Registry (using the registry wizard)
RSOP.msc and gpresult show that the GPO is 'Applied' with no error. When I check the registry, the entry is NOT there, and it is also not in HKLM\Software\Policies\Microsoft...
BUT
When I search the registry, I DO find it under HKey_Users.Default\software\policies... and \S-1_5-18
- Question 1: why is my GPO showing up here, and not in the normal spot in the registry?
- Question 2: Is this policy in effect (the policy is for disabling ie11 NotifyDisableIEOptions)?? Because my security group is not seeing the registry key in the proper place, they are saying it is not working, even though IE11 is not starting.
- Question 3: If the /.Delault HKey is merged with the normal profiles and is in effect, can I please have a MS reference to show my security people.
p.s. I am not interested in getting the separate admx files to load on my domain to avoid the reg keys.
PART 2
OK, so this is not working the way security wants, so lets just try to use the second GPO registry portion under:
Computer Configuration > Policies > Windows Settings > Security Settings > Registry
but this only allows me to write the key and set permissions on the key. it does not allow me to write values.
Question 4: why? What is the GPO for if not creating registry keys and such?
Thank you all for your help and patience :)