I'm implementing NAP (a new feature in WS2008) for a domain full of Vista workstations. By default, workstations in a domain have Security Center turned off, but it has to be turned on for the NAP client to work. I used group policy to enable SC; so far so good. BUT... a management decision was made to turn off UAC, so when SC is turned on, the RSoN (Red Shield of Nagging) starts popping up warnings that a security component needs attention. It was easy to see how to turn off the alerting, so naturally I figured we could disable itwith group policy. Couldn't find the setting anywhere in Vista/2008'sGPME, not in Computer Settings or UserSettings. Curious, I went thru the registry to find the setting. Found it under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\[your SID here]\EnableNotification. The SID-named key only gets created if and when the user changes the alert setting from default. My first thought was, what the heck is a SID (user)-specific setting doing in HKLM? But more importantly, how do you control the settingacross all your computers? It's kind of hard to make an ADMX file for a registry key that's unknown. Or is there a way?

Hi, Thank you for your post. Yes, you are right. The information about Security Center alert is stored in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc. Based on my research, however, we may not be able to control it via group policy this time, because: 1. We have no permission to edit the key which is under HKEY_LOCAMACHINE. 2. The <SID> entry (under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc) is created only if the user corresponding to the SID changes the Security Center alert option. Additionally, you may create a thread on Windows Server 2008 Forum for more information since they are specialized in Group Policy. For your reference, Ive include their contact information as below: Windows Server 2008 Active Directory services http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=571&SiteID=17 Windows Server Newsgroup http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.server.active_directory&cat=en_US_09e458e2-5a48-4d89-a40f-847f472bc08e&lang=en&cr=US Hope it helps. Sincerely, Joson Zhou Microsoft Online Community Support