Can I create a reg.dat file to automate policy/security settings across multiple Win2k servers?
I am deploying Win2k on multiple servers. They all have policy and security settings that are the same. I want to automate the process of entering in each setting by creating a reg.dat file. This file will be used to make the changes needed. How do I complete this task?
Whether or not you can be successful at this depends on the security settings you're configuring. Many of them are not accessible (they're stored in the registry's security hive) and should never be deployed using this technique. Other settings are legitimately deployed using registry hive files. However, using a hive file is more of a shotgun approach, since the hive file replaces the key in to which you import it. So, I recommend that you use REG files.
The last thing I want to mention is that you shouldn't deploy policies as REG files or hive files. You should always establish policies using Group Policy, since there's much more going on behind the scenes than just setting some registry values. If you set these policies using REG files, you'll tattoo the registry and won't see the results in Group Policy editor, Resultant Set of Policy, etc.
One solution is to find a good scripting tool that'll walk through your configuration steps for you. Another is to deploy your servers as disk images (prior to promotion).
This was first published in September 2002