ADM Template Controls
Each policy definition specifies the controls that administrators will use to configure that policy. The previous example uses EDITTEXT
parts that generate text boxes with a specified caption. You can also specify behavior for the part, for example the previous policy specifies that, for the "User Name" text box, the administrator must provide a value (REQUIRED
). The VALUENAME
"UserName" section of the declaration specifies that the setting should be persisted under a value named "UserName" within the registry key for this policy:
PART !!DefaultUserNameText EDITTEXT REQUIRED
The parts you can use in a classic administrative template are:
- EDITTEXTcreates a text box where the administrator can type in a value
- NUMERICcreates a text box for entering numeric values, and optionally "spin" controls to change the value
- COMBOBOXcreates a combo box where the administrator can type in a value or select from a list of suggested values
- DROPDOWNLISTcreates a drop-down list from which the administrator can select one value
- LISTBOXcreates a single or two-column list of settings from which the administrator can select or edit values
- CHECKBOXcreates a checkbox for a Yes/No or True/False setting
- TEXTcreates non-editable text to display with other controls
You can see several of the controls in use in the GPO example. Listing 1
shows the complete administrative template for the GPO example.
Installing and Configuring Administrative Templates
Here's the procedure to install an administrative template as a custom GPO:
Reading Group Policy Settings from the Windows Registry
- Open the appropriate Group Policy Editor. For local policies, use gpedit.msc (see the earlier section "Working with Local Group Policy Settings" for details). For forest/domain policies, use the GPMC (see the earlier section "Working with Domain Group Policy Settings" for details).
- If you are installing a forest/domain policy in the GPMC, right-click the Group Policy Objects entry within the appropriate domain, select "New," and enter the name for the GPO. Then right-click the new GPO entry and select "Edit" to open the Group Policy Object Editor window.
- In the Group Policy Object Editor window, right-click the entry Administrative Templates in the left-hand tree view and select "Add/Remove Templates...".
- In the Add/Remove Templates dialog, click the Add button and navigate to the .adm or .admx file you want to add. For the example application, add the template named GroupPolicyDemo.adm from the GPScript subfolder of the example Web site.
- Click the Close button in the Add/Remove Templates dialog, and the template policies appear in the Group Policy Object Editor window. Categories in the CLASS MACHINE section of the template appear in the Computer Configuration section of the tree, and categories in the CLASS USER section of the template appear in the User Configuration section.
- To configure or edit the values for the policies in the GPO, select the new GPO section within the Administrative Templates section in either the Computer Configuration or the User Configuration section of the left-hand tree view and double-click on the item in the list in the right-hand pane to open the edit dialog.
- Use the Next Setting and Previous Setting buttons in the edit dialog to scroll through the settings. The dialog saves values as soon as you close the edit dialog or move to another setting.
After you have created and installed a GPO, you must write application code to make your application aware of the settings and apply any values configured in that GPO. The .NET Framework Microsoft.Win32 namespace contains classes that make it easy to work with Windows Registry. Add this namespace to your project and code files to take advantage of these classes:
// in C#:
' in Visual Basic.NET
To open and read a registry key, you use the Registry and RegistryKey classes. It's good practice to close a key when you're done using it. For example, the following code opens a key in the HKEY_LOCAL_MACHINE
hive, reads the value, and then closes it:
// in C#:
String REG_PATH =
Object keyValue = null;
// open named key in HKEY_LOCAL_MACHINE section
RegistryKey demoKey =
if (demoKey != null)
// get the specified value from this key
keyValue = demoKey.GetValue("MyKeyValueName");
' In Visual Basic.NET:
Private Const REG_PATH =
Dim keyValue = Nothing
Dim demoKey As RegistryKey =
If Not demoKey Is Nothing Then
' get the specified value from this key
keyValue = demoKey.GetValue(keyName)
method returns an Object type. You can use the GetValueKind
method to determine the registry value type if required, and other methods of the class to read multiple values and sub-keys. However, when reading Group Policy settings, you usually need to read the key value only as an Object; then you can convert it as required in your code.