How to Add, Edit, Deploy and Import Registry Keys through GPO

How to Add, Edit, Deploy and Import Registry Keys through GPO

The Windows registry is a hierarchical database that contains data required for the operation of Windows and its application and services. The data is structured in a tree format, where each node is referred to as a key. These registry keys contain registry values and may also contain other registry keys. The registry values are name/data pairs that are stored in the keys. Since the registry contains important information pertaining to the operating system and installed applications, they must be edited with care in order to prevent damage. Sometimes, the registry may need to be edited in order to correct errors, add new settings or prevent an existing system activity.

Registry settings on domain computers could not be managed by administrators using Group Policy Objects. So, they had to create their own administrative GPO templates and logon scripts for this purpose. However, a group policy extension called Group Policy Preferences (GPP) was provided by Microsoft with Windows Server 2008. This in turn allows the administrators to create, update, edit, delete registry keys and deploy the registry settings to all the domain computers by importing them through Group Policy Objects. The process of adding, editing, and deploying registry keys using Group Policy is discussed in the following sections. However, it is important to backup the registry before making any changes.

How to Add/ Edit a Registry Key via Group Policy Objects

A registry key can be created and edited manually by means of Group Policy Preferences. This can be done by specifying the path and value of the registry key using the steps given as follows.

  1. Editing a Registry Key through GPO
  2. Open the Group Policy Management Console (GPMC).
  3. Create a new Group Policy Object or edit an existing GPO.
  4. Link the new or existing GPO to the desired organizational unit (OU) which contains the users/ devices on which the registry key needs to be added or edited, and switch it to the GPO Edit mode.
  5. Right-click on Registry and select New > Registry Item.
  6. In the New Registry Properties window, select the Registry Hive where the registry key to be updated exists.
  7. Browse to locate and select the existing registry value.
  8. In the Registry Item Browser window, select the registry value to be updated.
  9. In the Value data field, set the new value for the selected registry key and click on the Apply button to complete the process.

Adding a Registry Key through GPO

  1. Open the Group Policy Management Console (GPMC).
  2. Create a new Group Policy Object or edit an existing GPO.
  3. Link the new or existing GPO to the desired organizational unit (OU) which contains the users or devices on which the registry key needs to be added or edited, and switch it to the GPO Edit mode.
  4. Navigate to Computer Configuration (or User Configuration) > Preferences > Windows Settings > Registry.
  5. Right-click on Registry and select New > Registry Item.
  6. In the New Registry Properties window, select the General tab.
  7. Enter the Registry Hive, Keypath, Value name, Value type, and Value data in the respective fields.
  8. In the Action field, select the Update option. There are four different types of actions available namely Create, Update, Replace and Delete.
  9. After entering all the required values, click on the Apply button to complete the process.
By logging into any of the computers located within the selected organizational unit where the group policy is linked, the newly created or updated registry value can be seen.

How to Deploy and Import a Registry Key via Group Policy Objects

Registry settings can be deployed by importing the registry via group policy. After configuring the required registry values, the registry settings can be imported by using the Registry Wizard. This process allows the registry settings to be deployed to all the computers within the organizational unit.
  1. Open the Group Policy Management Console (GPMC).
  2. Create a new Group Policy Object or edit an existing GPO.
  3. Link the new or existing GPO to the desired organizational unit (OU) which contains the users or devices on which the registry key needs to be added or edited, and switch it to the GPO Edit mode.
  4. Navigate to Computer Configuration (or User Configuration) > Preferences > Windows Settings > Registry.
  5. In the context menu, select New > Registry Wizard. The Registry Wizard can also be used to connect to the registry on a remote computer, besides the local computer.
  6. In the Registry Browser, select the Local Computer or Another Computer option. In order to connect to a remote computer, enter the name of the computer in the corresponding field. Here, the Local Computer option is selected. Click Next.
  7. Locate the existing registry key to be imported, using the Registry Browser tree and select it.
  8. Select the required values and keys to be imported into the Group Policy Preference (GPP) and click Finish.
The entries that were imported using the wizard can be reviewed and modified using the steps provided above for adding or editing registry values.
    • Related Articles

    • How to Deploy Printers to Users/Groups/Computers with GPO

      Introduction Employees in an organization would be required to use the printer for various purposes. Unless the employees have a printer installed locally on their system, they will be using one of the shared printers in the organization's Active ...
    • GPO Delegation

      Just like other AD objects, security principals can be assigned permissions to access a GPO. The following are the list of permissions that can be assigned: Read Edit Settings Edit Settings, Delete, Modify security The following steps illustrate how ...
    • How to Force USB Encryption on Removable Devices using GPO

      As data breaches become increasingly common, ensuring that sensitive data is encrypted is paramount, especially on removable USB devices. Group Policy Objects (GPO) in Windows allows administrators to enforce such security measures across a network. ...
    • Using GPO to prevent access to desktop application

      Introduction Security breaches via unauthorized application access are a growing concern for system administrators. The challenge of mitigating such vulnerabilities, while ensuring that essential applications remain accessible, is intensified by the ...
    • How to configure GPO in Active Directory at Site, Domain and OU levels

      Introduction Active Directory network multiplies over time and it may become incommodious to manage. There is a myriad of things that need to be controlled such as security permissions, software installation, desktop settings for users and computers, ...