Reputation: 1247
Edit a GPO with a script
Is it possible to use a batch file to edit a local GPO ?
What I am exactly trying to do:
- I want to create a "New Software Restriction Policies".
- Change a parameter value in the "Enforcement".
- Add a new path rule with a specific path.
I am not looking for you to create the script. I just want to know if this is possible to do it with a batch file & and some idea to help me start with this task.
This procedure is not really complicated and can be done manually. Given that I have to apply these change for a lot of computer, I am looking for a fastest way than doing it from the "gpedit.msc".
Upvotes: 1
Views: 4667
Answers (1)
Reputation: 11367
Yes, it is possible to edit the local GPO using a Batch script. Simply manipulate the GPO by editing the registry keys. Note: Depending upon the GPO setting changed through the registry, you may need to log the user off before the change takes effect.
Step 1
- Download the Microsoft Group Policy Setting Reference (Registry Keys List):
http://www.microsoft.com/en-us/download/details.aspx?id=25250
Step 2
- Get the policy registry location from the Spreadsheet
e.g.HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!AppendToMultiLabelName
Step 3
- Use the
reg addcommand to edit the values as you need
e.g.@reg add "HKLM\Software\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f
Note
- You may need to edit the GPO registry key in both the
MachineandUsersection of the registry along with theWOWsection.
e.g.@reg add "HKLM\Software\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & @reg add "HKLM\Software\Wow6432Node\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & @for /f "delims=" %A in ('reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects" /k /f "*Machine" ^| find /i "HKEY"') do @reg add "%~A\Software\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & @reg add "%~A\Software\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f
Breakdown of example:
- Update the value in the default location
- Update the value in the secondary location for 64-bit OS
- Loop through the User GPOs
- Update the value based on the default location
- Update the value based on the secondary location for 64-bit OS
- Loop through the User GPOs
Upvotes: 2
Related Questions
- How to use Powershell method or any other batch method to modify a LOCAL group policy?
- Change Windows settings via script
- How to Edit Local Group Policy using PowerShell
- How to change group policy via command line?
- How could you edit a specific group policy using a batch file
- Using Powershell to edit/modify a GPO
- Batch file to edit Registry value?
- Passing parameters from Group Policy to VBScript
- Trouble getting GPO logon script to run using Active Directory Domain Services
- Software installation startup-script via GPO