I am Dale Hayter, a Microsoft and VMware certified Technical Consultant.

My blog has been built up over the years from my experience of working on an IT helpdesk and also from being out on-site.

Create / Delete / Modify Registry Keys Using Group Policy Preferences

Now and again you might need to make changes to the registry to fix a certain issue or change a setting. If you need to deploy the changes on a mass scale, the best way in a domain environment is through the use of Group Policy Preferences.

This guide will show you how to go into Group Policy and configure the relevant settings.

With Group Policy you have to put the changes under Computer or User Configuration. I'm going to put the changes under Computer. Depending on what you're targeting, you need to put the changes in the correct place.

First of all we need to identify the registry key that we want to change. In this example I am going to show how to disable Adobe Reader X Protected Mode.

The registry key for Version X of Adobe Reader is:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown
Key name : bProtectedMode
Type : REG_DWORD
Value : 00000000

Once you know what you're going to change, log on to your domain controller or a server with the Group Policy Management Console (GPMC) installed. Open up the GPMC. Navigate to the OU where you are going to apply the group policy. Right click on the OU and then click Create a GPO in this domain, and Link it here…

Create a GPO in this domain

A dialog will appear asking for a name for the Group Policy. Since we're creating one for Adobe, let's call it Adobe Protected Mode, then click OK.

New GPO

You will now be presented with the Group Policy Management Editor. Since we're putting the registry change into a computer OU, branch down to Computer Configuration, Preferences, Windows Settings, then click on Registry.

On the right hand side will be all the registry keys you have configured in the GPO. Since we just created this GPO we have none. Right click on the white area on the right hand pane and click New, Registry Item.

New Registry Item

The next window is where we enter the registry key we detailed at the start.

First of all we have to select what action we would like applied.

Registry Action

I have detailed the differences below:

Create

Create a new registry value or key for computers or users.

Delete

Remove a registry value or a registry key and all of its values and subkeys for computers or users.

Replace

Delete and recreate a registry value or key for computers or users. If the target is a registry value, the net result of the Replace action is to overwrite all existing settings associated with the registry value. If the target is a registry key, the net result is to delete all values and subkeys in the key, leaving only a default value name with no data. If the registry value or key does not exist, then the Replace action creates a new registry value or key.

Update

Modify settings of an existing registry value or key for computers or users. This action differs from Replace in that it only updates settings defined within the preference item. All other settings remain as configured in the registry value or key. If the registry value or key does not exist, then the Update action creates a new registry value or key.

In this example I have used Update, as this will create the key if it doesn't exist, and it only updates this one key.

To recap, the registry key details are:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown
Key Name : bProtectedMode
Type : REG_DWORD
Value : 00000000

In the Hive field we put in either HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER. In this example it's the first.

We then put the rest of the registry key in the Key Path field. So for this one we would put:

SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown

In “Value name” goes the Key Name bProtectedMode. The “Value Type” is REG_DWORD and finally the “Value data” is 00000000.

It should look like the screenshot below. Then click OK.

Registry Options

You will then be taken back to the GP editor where you should now see the Registry item we just created listed.

Registry

Close this window. Changes you make are saved dynamically. There is no need to click save or anything, just close the window.

You can confirm the settings have been saved by clicking on the Settings tab.

You'll now see the settings you changed listed.

GPO Settings

If you leave it 15 minutes then this group policy will now start to take effect.
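
The same steps can be scripted with the GroupPolicy PowerShell module. This is an added example, not part of the original post; the OU distinguished name is a placeholder and the helper name Test-ProtectedModeValue is made up for illustration.

```powershell
# Added example: scripted equivalent of the GPMC steps in this guide.
# Assumptions (not from the post): $targetOu is a placeholder DN, and this runs
# on a machine with the GroupPolicy (RSAT/GPMC) module and rights to edit GPOs.
Import-Module GroupPolicy

$gpoName   = 'Adobe Protected Mode'
$targetOu  = 'OU=Workstations,DC=example,DC=com'   # placeholder, change to your OU
$key       = 'HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown'
$valueName = 'bProtectedMode'

# Reuse the GPO if it already exists so the script is safe to re-run.
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $gpoName }

# Link it to the OU only if it is not linked there already.
$links = (Get-GPInheritance -Target $targetOu).GpoLinks
if (-not ($links | Where-Object { $_.GpoId -eq $gpo.Id })) {
    New-GPLink -Guid $gpo.Id -Target $targetOu -LinkEnabled Yes | Out-Null
}

# Drop any earlier preference item for this value so re-runs do not stack
# duplicates; a missing item is expected on the first run and is ignored.
try {
    Remove-GPPrefRegistryValue -Guid $gpo.Id -Context Computer -Key $key `
        -ValueName $valueName -ErrorAction Stop | Out-Null
} catch { }

# Add the item with the Update action under Computer Configuration,
# matching the choices made in the guide.
Set-GPPrefRegistryValue -Guid $gpo.Id -Context Computer -Action Update `
    -Key $key -ValueName $valueName -Type DWord -Value 0 | Out-Null

# Show what is now stored in the GPO (the same data the Settings tab reports).
Get-GPPrefRegistryValue -Guid $gpo.Id -Context Computer -Key $key -ValueName $valueName

# Run on a targeted client after a policy refresh to confirm the value landed.
function Test-ProtectedModeValue {
    $path = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown'
    $item = Get-ItemProperty -Path $path -Name 'bProtectedMode' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'bProtectedMode not present' }
    return "bProtectedMode = $($item.bProtectedMode)"
}
```

Running `gpupdate /force` on a client applies the policy immediately instead of waiting for the background refresh.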