The autorun.inf stuff (see first two posts) got me thinking about what other uses inifilemapping might have. It turns out that you can map to either the HKLM\Software or HKCU part of the registry. There are some details on a Microsoft page here.
The school I work at use some software called SIMS .net. This software connects to a SQL database backend. The connection information (SQL server name, method of authentication etc) is stored in a file called connect.ini on the hard drive of each PC. Alternatively the local connect.ini can redirect to another connect.ini file located on a server to allow the administrator to easily update the settings for everyone by changing one file.
The problem with this is that if you want to have a particular group of network users who use an alternative backend database for testing purposes, or if you want a specific user to use a different authentication method (type in a username and password rather than be automatically logged on with Windows credentials) then you have to either manually update the connect.ini on the machine that they are going to use, or you have to set them up with a log in script which overwrites the connect.ini on the machine with the settings you want. You then have to give all your other users a log in script to reset the alternative connect.ini to the normal one.
It occured to me that connect.ini could be mapped using inifilemapping, which would make it possible to configure the settings that would normally be in connect.ini with a user-based GPO.
Connect.ini files contain one section called [SIMSConnection], so if you make this per-computer registry change...
...then you are telling Windows that whenever it needs to see what settings are held in the [SIMSConnection] part of connect.ini then it should instead look in:
So you can then make this per-user registry change:
Here is a group policy administrative template (.adm file) for the computer-based registry settings. Just save it and load it into group policy editor as an administrative template.
KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Connect.ini"
KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf"
CustomIniFileMapping="Custom Ini File Mapping"
ConnectIni_Explain="Maps SIMSConnection section of connect.ini to HKCU\CapitaSIMSConnection"
DisableAutorunInf_Explain="Maps autorun.inf to DoesNotExist"
And here is an adm file for the user settings. You could create different policies for different users to allow them to connect to different servers or have different authentication types.
PART !!ConnectIni_ServerName EDITTEXT
PART !!ConnectIni_DatabaseName EDITTEXT
PART !!ConnectIni_ServerType EDITTEXT
PART !!ConnectIni_ConnectionType DROPDOWNLIST
NAME "Automatic" VALUE "TrustedAuto" DEFAULT
NAME "Choose" VALUE "Trusted"
NAME "No domain authentication" VALUE DELETE
END CATEGORY ;; UserMappedIniFile
UserMappedIniFile="User mapped ini files"
ConnectIni_Explain="Values for connect.ini"
ConnectIni_ServerName="SIMS Server name"
ConnectIni_DatabaseName="Name of SIMS database"
At some point I might write a tutorial on creating ADM files if I can't find a good one to link to.