Share via


Registry Policy File Format

The Group Policy Object Editor stores registry-based configuration settings in two Registry.pol files, stored in folders under the <drive>:\Windows\System32\GroupPolicy\ folder. One file contains computer settings and the other file contains user settings. The Group Policy Object Editor saves the settings to these files on exit, and imports the settings on startup.

A Registry.pol file is a text file that consists of a header and a body. The header contains two DWORD values that indicate the file signature and version. These values are defined as follows.

Value Definition
REGFILE_SIGNATURE Defined as 0x67655250.
REGISTRY_FILE_VERSION Initially defined as 1, then incremented each time the file format is changed.

The body consists of registry values in the following format.

[key;value;type;size;data]

key

Path to the registry key. Do not include HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER in the registry path. The location of the file determines which of these keys are used.

value

The name of the registry value.

The following values have special meaning for this field.

Value Meaning
**DeleteValues A semicolon-delimited list of values to delete. Use as a value of the associated key.
**Del.valuename Deletes a single value. Use as a value of the associated key.
**DelVals Deletes all values in a key. Use as a value of the associated key.
**DeleteKeys A semicolon-delimited list of keys to delete. The value field needs to be terminated with a NULL or space immediately after **DeleteKeys.
Example: **DeleteKeys/0;type;size;NoRun;NoFind
**SecureKey **SecureKey=1 secures the key, giving administrators and the system full control, and giving users read-only access. **SecureKey=0 resets access to the key to whatever is set on the root. For more information, see Access Rights and Access Masks.

type

The data type. The field can contain any of the registry value types defined in WinNT.h.

REG_BINARY

REG_DWORD

REG_DWORD_LITTLE_ENDIAN

REG_DWORD_BIG_ENDIAN

REG_EXPAND_SZ

REG_LINK

REG_MULTI_SZ

REG_NONE

REG_QWORD

REG_QWORD_LITTLE_ENDIAN

REG_SZ

size

The size of the data field, in bytes.

data

The user-supplied data.

If value, type, size, or data are missing or zero, only the registry key is created.