When you run System Policy Editor, Windows 98 opens the default policy template, which contains existing policies you can enable or modify. A template is a listing of the possible policies you can use. By default, this template file is named Windows.adm and is stored in the Windows INF directory.
You can create custom system policy templates (ADM files) and switch between multiple templates in System Policy Editor. For example, it might be helpful to have system policy settings for corporate-specific applications, such as an in-house database, custom front end, or electronic mail package. After a template has been customized, you can load it and use it to set values in the registry.
Note
If you want to define system policies for applications, the applications must be able to read the Windows 98 registry.
Creating your own template is helpful when you want to define a specific set of registry settings in your system policies, including settings not definable by default through System Policy Editor. As shown in Figure 8.2, the template defines the policies you can set through System Policy Editor. Changes you make there are reflected in the policy file (shown in the example as Config.pol), which in turn updates the registry when the user logs on.
Figure 8.2 Using a custom system policy template to define policies
To use a template other than the default template
You can create your own templates to be read by System Policy Editor. Users can then load a template and use it to set values in the registry. To create a template, use a text editor, such as WordPad, to edit or write an ADM file. You can open the default template named Windows.adm in the Windows INF directory to use as an example.
A template uses several key words, syntaxes, and symbols, as summarized in the following list.
CLASS category_type
CATEGORYname[KEYNAMEkey_name] [...policy definition statements...] END CATEGORY
POLICYname[KEYNAMEkey_name] [...part definition statements...] END POLICY
PARTnamepart_type type-dependent data[KEYNAMEkey_name] VALUENAMEvalue_nameEND PART
Table 8.12 describes the keywords in system policy templates. Following this table are lists of the controls and values that can be defined in templates.
Table 8.12 System policy template keywords
| Template keyword | Description |
|---|---|
| CLASS | Defines the registry key that can be edited; the value must be USER or MACHINE, corresponding to HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE, respectively. |
| CATEGORY name | Defines a category in System Policy Editor. Category names that contain spaces must be enclosed in quotes. A category statement can appear only once for each category name. |
| END CATEGORY | Defines the end of a category and all its policies. |
| POLICY name | Defines a policy within a category. Policy names that contain spaces must be enclosed in quotes. |
| END POLICY | Defines the end of a policy and all its parts. |
| PART name | Defines one or more controls that can be used to set the values of a policy. Part names that contain spaces must be enclosed in quotes. Policy part types and type-dependent data are described in the following tables. |
| END PART | Defines the end of the control list. |
| VALUEON | Specifies the setting to assign to the value when the policy is selected. |
| VALUEOFF | Specifies the setting to assign to the value when the policy is cleared. |
| KEYNAME | Specifies the full path of the registry key. This is an optional registry key name to use for the category or policy. If there is a key name specified, it is used by all child categories, policies, and parts, unless they define a key name of their own. |
| VALUENAME | Defines the registry value entry name. |
| VALUE | Specifies the registry value to set to a VALUENAME. |
| !! | Indicates a string value. |
| [strings] | Defines a section containing string values. |
A system policy template uses the part control indicators listed in Table 8.13.
Table 8.13 System policy template part control indicators
| Part control indicator | Description |
|---|---|
| CHECKBOX | Displays a check box. The value is nonzero if checked by the user, and its value entry is deleted if it is unchecked. |
| NUMERIC | Displays an edit field with an optional spin control that accepts a numeric value. |
| EDITTEXT | Displays an edit field that accepts alphanumeric text. |
| COMBOBOX | Displays a combo box, which is an edit field plus a drop-down list for suggested values. |
| TEXT | Displays a line of static (label) text. There is no registry value associated with this part type. |
| DROPDOWNLIST | Displays a drop-down list. The user can choose from only one of the entries supplied. The main advantage of a drop-down list is that, based on the user’s selection, a number of extra registry edits can be performed. |
| LISTBOX | Displays a list box with Add and Remove buttons. This is the only part type that can be used to manage multiple values under one key. |
A system policy template uses the type-specific information listed in Table 8.14.
Table 8.14 System policy template type-specific information
| Type-specific modifier | Description |
||||
|---|---|---|---|---|---|
| CHECKBOX | |||||
| DEFCHECKED | Causes the check box initially to be checked. | ||||
| VALUEON | If specified, overrides the default "on" behavior of the check box. For example: VALUEON "On" writes "On" to the registry. | ||||
| VALUEOFF | If specified, overrides the default "off" behavior of the check box. For example: VALUEOFF "Off" writes "Off" to the registry. | ||||
| ACTIONLISTON | Specifies the optional actions to be taken if check box is "on." | ||||
| ACTIONLISTOFF | Specifies the optional actions to be taken if check box is "off." | ||||
| NUMERIC | |||||
| DEFAULT value | Specifies the initial numeric value for the edit field. If this statement is not specified, the edit field is initially empty. | ||||
| MIN value | Specifies the minimum value for a number. Default value is 0. | ||||
| MAX value | Specifies the maximum value for a number. Default value is 9999. | ||||
| SPIN value | Specifies the increments to use for a spin control. Specifying SPIN 0 removes the spin control; SPIN 1 is the default. | ||||
| REQUIRED | If specified, System Policy Editor will not allow a policy containing this part to be enabled unless a value has been entered. | ||||
| TXTCONVERT | Writes values as strings rather than binary values. | ||||
| EDITTEXT | |||||
| DEFAULT value | Specifies the initial string for the edit field. If this statement is not specified, the edit field is initially empty. | ||||
| EXPANDABLETEXT | Writes the value to the registry with the data type REG_EXPAND_SZ. This allows the use of environment variables. | ||||
| MAXLEN value | Specifies the maximum length of the string in the edit field. | ||||
| REQUIRED | If specified, System Policy Editor will not allow a policy containing this part to be enabled unless a value has been entered. | ||||
| OEMCONVERT | Sets the ES_OEMCONVERT style in the edit field so that typed text is mapped from ANSI to OEM and back. | ||||
| COMBOBOX | Accepts all the key words that EDITTEXT does, as well as NOSORT and SUGGESTIONS. | ||||
| NOSORT | If specified, values in the combo box are not sorted alphabetically. This is useful when a sorted value list would cause them to be displayed in an illogical order. | ||||
| SUGGESTIONS | Begins a list of suggestions to be placed in the drop-down list. Suggestions are separated with spaces and can be enclosed by quotes. The list is terminated with END SUGGESTIONS. For example:
|
||||
| TEXT | Contains no type-specific data. | ||||
| DROPDOWNLIST | |||||
| NOSORT | If specified, values in the drop-down list are not sorted. This is useful when a sorted value list would cause them to be displayed in an illogical order. | ||||
| REQUIRED | If specified, System Policy Editor will not allow a policy containing this part to be enabled unless a value has bee4n entered. | ||||
| ITEMLIST | Begins a list of the items in the drop-down list. The list is terminated with END ITEMLIST. Each item in the list is specified as follows:
name is the text to be displayed in the related drop-down list. value is the value to be written for the part’s value if this item is selected. Values are assumed to be strings, unless they are preceded by the key word NUMERIC. For example:
If the VALUE key word is followed by the DELETE key word (that is, VALUE DELETE), this registry name/value pair will be deleted. actionlist is an optional list to be used if this value is selected. |
||||
| LISTBOX | |||||
| VALUENAME | Cannot be used with the list box type, because there is no single value name associated with this type. By default, only one column appears in the list box, and for each entry a value is created with an identical value name and value data. For instance, the List Entry value in the list box would create a value named "List Entry" containing "List Entry" as data. | ||||
| VALUEPREFIX prefix | Defines the prefix to be used in determining value names. If a prefix is specified, this prefix plus "1," "2," and so on will be used instead of the default value naming scheme listed earlier in this table. The prefix can be empty (" "), which will cause the value names to be "1," "2," and so on. A prefix of SomeName will generate value names "SomeName1," "SomeName2," and so on. | ||||
| EXPLICITVALUE | Causes the user to specify the value data and the value name. The list box shows two columns for each item, one for the name and one for the data. This key word cannot be used with the VALUEPREFIX key word. | ||||
| ADDITIVE | If specified, values set in the list box are used in addition to whatever values exist in the target registry. Existing values are not deleted; by default, if ADDITIVE is not specified, the content of list boxes will "override" whatever values are set in the target registry. | ||||
| Strings | |||||
| !! | Indicates a string value. For example:
|
||||
| [strings] | Defines a section containing string values; the values are defined in the following format: var_name=string value For example:
|
||||
| Comments | Can be added by preceding the line with a semicolon (;). | ||||