Super User Asked on December 19, 2020
Is there a way to change or edit certain group policies via command line?
We are currently installing a lot of PCs based on an image. After the install is done, certain group policies need to be changed, which we have to do manually at this point.
I Would like to add these changes in a script so I can create a script per department to enforce these group policies.
For example:
Set “Computer Configuration / Management Templates / Configuration Panel / Online Tooltips” to “disabled” via a script.
Thanks!
Since the Group Policy settings are stored in the Registry, the easiest method to create department-wide configurations might be through a .reg file,
Microsoft maintains a list of the Group Policy Registry keys. For example, line 188 shows HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer!AllowOnlineTips controls online tooltips.
Rather than synthesizing the .reg script from scratch, you could "reverse engineer" such a script by taking a snapshot of the Registry of a freshly created clone, applying appropriate changes through the Group Policy Editor, and then diffing that snapshot with a new one. An excellent tool for this purpose is Nirsoft's RegistryChangesView, which can "export the Registry changes into a standard .reg file".
Of course, if you're running a batch script anyway, just add a line to it:
regedit.exe /s "full path to your .reg file"
You can also import .reg files through the GPE using PowerShell.
Correct answer by DrMoishe Pippik on December 19, 2020
I would not recommend to rely on registry changes when I want to achieve a policy. A policy isn't always a registry entry and vice versa... Especially when it comes to the processing order there are differences as well as the stage of implementation (image, pre- / post-sysprep) depending on the hive (if the policy sets a registry value).
From personal experience I would prefer to set and apply a GPO rather than editing reg values manually. We hat the issue that reg settings were not finding there way back to the policy and policy settings were overriding the reg value.
Some nice way are PS cmdlets very well explained here: https://www.powershellmagazine.com/2012/05/14/managing-group-policy-with-powershell/
Answered by Matthias Fleschütz on December 19, 2020
Some policies are stored in C:WindowsSystem32GroupPolicy in CSV format.
Audit policies can be set via auditpol command.
Answered by George Sovetov on December 19, 2020
Yes, it is possible by a powershell script, I find out here a descriptive way to manage Local Policy with powershell.
If I can suggest you another approach why do not edit the image and deploy the image with the configuration you likes?
If you cannot edit the image because a third party provide it to you, you can restore it in a computer, perform your personalisation and create an image to restore on other computers with opensource tools like clonezilla.
Answered by AtomiX84 on December 19, 2020
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP