Platform SDK: Group Policy

Administrative Template File Format

The Group Policy snap-in can obtain registry-based policy settings from an administrative template (.adm) file. An .adm file defines the property page the Group Policy snap-in will display to allow the administrator to manage its settings. The file also indicates the registry location where the settings are stored.

If your application offers management capabilities through ADM files, it must store these settings under the following registry keys:

The following is a sample .adm file.

CLASS USER

CATEGORY !!LogonLogoff

; Most applications will use a registry key with the naming convention 
; Software\Policies\CompanyName\ProductName\ComponentName
; 
; For example:  Software\Policies\Microsoft\Windows\Printing
 
   KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\System"
 
; This is a simple policy that sets DisableTaskMgr to 1 when enabled
 
   POLICY !!DisableTaskMgr    
       EXPLAIN !!DisableTaskMgr_Explain
       VALUENAME "DisableTaskMgr"
   END POLICY

; This is a simple policy that sets the numeric values based
; upon the policy state. When a policy is in the unchecked state,
; the value is removed from the registry. To write a value to the
; registry when the policy is unchecked, use the VALUEOFF keyword
 
   POLICY !!Run_Legacy_Logon_Script_Hidden
       EXPLAIN !!Run_Legacy_Logon_Script_Hidden_Explain
       VALUENAME "HideLegacyLogonScripts"
           VALUEON NUMERIC 1
           VALUEOFF NUMERIC 0
   END POLICY

; This policy demonstrates some of the different PART types
        
   POLICY !!LimitSize
      EXPLAIN !!LimitSize_Explain
      VALUENAME "EnableProfileQuota"

      PART !!SizeMessage               EDITTEXT
         DEFAULT !!DefaultSizeMessage
         VALUENAME "ProfileQuotaMessage"
      END PART

      PART !!ProfileSize               NUMERIC REQUIRED SPIN 100
         VALUENAME "MaxProfileSize"
         DEFAULT 30000
         MAX    30000
         MIN    300
      END PART

      PART !!IncludeRegInProQuota      CHECKBOX
         VALUENAME "IncludeRegInProQuota"
      END PART

      PART !!WarnUser                  CHECKBOX
         VALUENAME "WarnUser"
      END PART

      PART !!WarnUserTimeout           NUMERIC REQUIRED SPIN 5
         VALUENAME "WarnUserTimeout"
         DEFAULT 15
         MIN    0
      END PART
   END POLICY
END CATEGORY

[Strings]
DefaultSizeMessage="You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage."
DisableTaskMgr="Disable Task Manager"
DisableTaskMgr_Explain="Prevents users from starting Task Manager (Taskmgr.exe).\n\nIf the user tries to start Task Manager, the system displays a message indicating that the action is prohibited by a policy.\n\nTask Manager lets users start and stop programs; monitor the performance of their computer; view and monitor all programs running on the computer, including system services; find the executable name of a program; and change the priority of the process in which a program runs."
IncludeRegInProQuota="Include registry in file list"
LimitSize="Limit profile size"
LimitSize_Explain="Limits the size of user profiles"
LogOnLogOff="Logon/Logoff"
ProfileSize="Max Profile size (KB)"
Run_Legacy_Logon_Script_Hidden="Run legacy logon scripts hidden"
Run_Legacy_Logon_Script_Hidden_Explain="This policy allows the legacy (user-specific) logon scripts to run hidden."
SizeMessage="Custom Message"
WarnUser="Notify user when profile storage space is exceeded."
WarnUserTimeout="Remind user every X minutes"

Note  The .adm file format is also used by the Windows NT 4.0 System Policy Editor. For more information, see System Policies.