GPO To Modify Registry Setting Not Applying

group-policy windows-registry windows-server-2008 xenapp

I have a XenApp Server running on Server 2008, and would like to apply a Group Policy Object to the server to modify the following registry setting:

HKLM\Software\Symantec\Symantec Endpoint Protection\SMC\LaunchSMCGui

Changing the value from "1" to "0". Note, this is the 'best practice' setup recommended by Symantec – it stops new instances of Symantec from starting on each application started on the XenApp server for users.

I have my new Group Policy Object, and have applied it to a test folder with 2 servers in there. For testing purposes, I have applied 'Domain Computers' and also one of the servers' AD objects to the 'Security Filtering' section of the GPO (neither is getting the reg key change working).

I run 'gpupdate /force' on the servers, but the reg key stays the same value. It does ask for a log off to complete some policies – but I cannot do that as these are in use during the day (the servers are rebooted each night, but I'd like to know that I've got the settings above correct before waiting 24 hours to check each time).

Can any GPO gurus check the above and tell me if I'm set, or is there something else to do? Thank you.

Best Answer

Because you're talking about a setting in HKEY_LOCAL_MACHINE I assume you set the Registry Group Policy Preference (GPP) setting in the Computer section of the Group Policy Object (GPO) you created and linked.

I would return the "Security Filtering" settings back to default. As long as you don't mind the setting applying to all the computers in the OU where you've linked the GPO, the default security settings are appropriate. (Security Filtering isn't something you should be using unless you have a particular need for it. The default setting is sane and reasonable.)

The output of either the gpresult /z command or the Resultant Set of Policy Tool (RSoP) from one of the server computers where you expect the policy to apply will help you out troubleshooting this. You should be looking to see that the newly-created GPO is being applied in either of those tools' output.

You should also be looking over the Event Log (Application and System) for Group Policy application related errors.
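
The checks suggested in this answer, gathered into one PowerShell script as an added example that is not part of the original post. `$GpoName` is a hypothetical placeholder for the GPO's display name, and the event source filter is a broad wildcard match rather than an exact source name.

```powershell
# Added example: run from an elevated PowerShell prompt on one of the test servers.
# $GpoName is a hypothetical placeholder; set it to the display name of your GPO.
$GpoName   = 'PLACEHOLDER-GPO-NAME'
$KeyPath   = 'HKLM:\Software\Symantec\Symantec Endpoint Protection\SMC'
$ValueName = 'LaunchSMCGui'
$Expected  = '0'

# 1. Read the current registry value (key and value name are those from the question).
$item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
if ($item) {
    $actual = [string]$item.$ValueName
    if ($actual -eq $Expected) {
        Write-Output "Registry: $ValueName = $actual (policy value is in place)"
    } else {
        Write-Output "Registry: $ValueName = $actual (expected $Expected, not applied yet)"
    }
} else {
    Write-Output "Registry: $ValueName not found under $KeyPath"
}

# 2. Computer-scope gpresult output, searched for the GPO name.
#    The surrounding lines show whether it sits under the applied GPOs
#    or under the GPOs that were filtered out, with the reason given.
$report = & gpresult.exe /scope computer /z
$hits   = $report | Select-String -SimpleMatch $GpoName -Context 2,3
if ($hits) {
    Write-Output "gpresult: lines mentioning '$GpoName':"
    $hits | ForEach-Object { $_.ToString() }
} else {
    Write-Output "gpresult: '$GpoName' does not appear at all (check the GPO link and the OU of the computer account)"
}

# 3. Group Policy related errors and warnings from the last 24 hours.
foreach ($log in 'System', 'Application') {
    Write-Output "Event log: $log"
    Get-EventLog -LogName $log -EntryType Error, Warning -After (Get-Date).AddDays(-1) |
        Where-Object { $_.Source -like '*GroupPolicy*' -or $_.Source -like '*Group Policy*' } |
        Select-Object -First 20 TimeGenerated, EntryType, Source, EventID, Message |
        Format-List
}
```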