Does anyone have a fixlet or know how to validate if a Windows local policy is set? For example: I need to make sure Device: Allowed to format and eject removable media to adminstrators. According to the out of the box content this is checked in the reqistry at:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD
but it doesn’t exist
and it is actually located in the local policy at:
Computer Configuration\Windows Settings\Security Settings\Local Policies\SecurityOptions\Devices: Allowed to format and eject removable media
It seems like you could just query both “Computer Configuration\Windows Settings\Security Settings\Local Policies\SecurityOptions\Devices” AND “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD” to see if it is set in either place.