I know basically nothing about Group Policy, other than that I've occasionally edited some settings using Local Group Policy Editor on my local Windows machine. I do have experience with applying Registry Changes either through regedit directly or by merging .reg
files. I'm wondering how similar Group Policy Administrative Templates (.admx
files) are to Registry files, conceptually.
Is it possible to write an Administrative Template file with one setting you want to tweak, copy the file over to another computer, and when someone double clicks on it, it effectively "installs" that setting? This is what registry files do; I'm wondering if Group Policy files function in the same basic way, or not.
And if they do, how would I go about crafting an ADMX file to edit a single Group Policy setting? In particular I'm trying to set the following policy to "disabled" (programmatically):
Computer Configuration > Administrative Templates > Windows Components > Windows Update
Configure Automatic Updates
Your conception is incorrect. ADM/ADMX files are nothing like exports from the registry.
Administrative Templates (both the old-style ADM and newer-style ADMX files) exist to drive the user interface in the Group Policy editor. They define the settings that can be managed, not the settings themselves. These settings amount to registry values which are automatically added to the client computer's (or user profile's) registry by the Administrative Templates Client Side Extension (CSE) when the client computer processes Group Policy.
I don't think you want to create an ADMX file. Rather, I think you just want to set a particular registry value in the same way that the CSE would set it. I'm tending to think that you're probably working in an environment without Group Policy and are looking to apply settings to standalone computers. (If that's not the case you should just be using Group Policy.)
With the particular setting you're looking for you can probably just research managing the Automated Updates client with registry settings to create a registry merge that will do what you want.
For settings that are more obscure than that you can learn about the ADMX file schema so that you can read through the ADMX file yourself to learn what registry values a particular ADMX setting actually manipulates.
.admx files are written in XML and contain settings that the Group Policy Management Console can read. Group Policy then translates those settings to registry keys (which may not exist prior to the policy being applied).
Windows update settings live in
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
. When I worked in a setting without AD I used to deploy those keys manually through third party configuration tools, although XP did so more reliably than 7 and above. Since you're trying to disable updates, you don't need my usual disclaimer about SusClientID and PingID. ;) You should be able to alter those settings by importing a registry file, or using the scripting language of your choice.I will offer the caveat, however, that I hope you're intending to patch the systems some other way.
As there already mentioned, ADMX files contains rules definitions, not settings themselves. If there is no AD, you, however, can transfer these settings to another computer:
Group policy settings should be applied.