Registry Policy File Format

The Group Policy Object Editor stores registry-based configuration settings in two Registry.pol files. One file contains computer settings and the other file contains user settings. The Group Policy Object Editor saves the settings to these files on exit, and imports the settings on startup.

A Registry.pol file is a text file that consists of a header and a body. The header contains two DWORD values that indicate the file signature and version. These values are defined as follows.

ValueDefinition
REGFILE_SIGNATUREDefined as 0x67655250.
REGISTRY_FILE_VERSIONInitially defined as 1, then incremented each time the file format is changed.

 

The body consists of registry values in the following format.

[key;value;type;size;data]

key

Path to the registry key. Do not include HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER in the registry path. The location of the file determines which of these keys are used.

value

The name of the registry value.

The following values have special meaning for this field.

ValueMeaning
**DeleteValuesA semicolon-delimited list of values to delete. Use as a value of the associated key.
**Del.valuenameDeletes a single value. Use as a value of the associated key.
**DelValsDeletes all values in a key. Use as a value of the associated key.
**DeleteKeysA semicolon-delimited list of keys to delete. The value field needs to be terminated with a NULL or space immediately after **DeleteKeys.

Example: **DeleteKeys/0;type;size;NoRun;NoFind

**SecureKey**SecureKey=1 secures the key, giving administrators and the system full control, and giving users read-only access. **SecureKey=0 resets access to the key to whatever is set on the root. For more information, see Access Rights and Access Masks.

 

type

The data type. The field can contain any of the registry value types defined in WinNT.h.

REG_BINARY REG_DWORD

REG_DWORD_LITTLE_ENDIAN

REG_DWORD_BIG_ENDIAN

REG_EXPAND_SZ

REG_LINK

REG_MULTI_SZ

REG_NONE

REG_QWORD

REG_QWORD_LITTLE_ENDIAN

REG_SZ

size

The size of the data field, in bytes.

data

The user-supplied data.

If value, type, size, or data are missing or zero, only the registry key is created.

 

 

Show:
© 2014 Microsoft