使用脚本编辑GPO
[英]Edit a GPO with a script
问题描述
Is it possible to use a batch file to edit a local GPO ? 
是否可以使用批处理文件来编辑本地GPO?
What I am exactly trying to do: 我到底想做什么:
- I want to create a "New Software Restriction Policies". 我想创建一个“新软件限制策略”。
- Change a parameter value in the "Enforcement". 在“实施”中更改参数值。
- Add a new path rule with a specific path. 添加具有特定路径的新路径规则。
I am not looking for you to create the script. 我不是要您创建脚本。 I just want to know if this is possible to do it with a batch file & and some idea to help me start with this task. 我只想知道是否可以使用批处理文件来完成此操作,并且想出一些办法来帮助我开始执行此任务。
This procedure is not really complicated and can be done manually. 此过程实际上并不复杂,可以手动完成。 Given that I have to apply these change for a lot of computer, I am looking for a fastest way than doing it from the "gpedit.msc". 鉴于我必须将这些更改应用到很多计算机上,因此我正在寻找一种比从“ gpedit.msc”进行更改的最快方法。
1 个解决方案
解决方案1
2 已采纳 2014-10-20 17:31:17
Yes , it is possible to edit the local GPO using a Batch script. 是的 ,可以使用批处理脚本来编辑本地GPO。 Simply manipulate the GPO by editing the registry keys. 只需通过编辑注册表项来操纵GPO。 Note: Depending upon the GPO setting changed through the registry, you may need to log the user off before the change takes effect. 注意:根据通过注册表更改的GPO设置,您可能需要注销用户才能使更改生效。
Step 1 第1步
- Download the Microsoft Group Policy Setting Reference (Registry Keys List): 下载Microsoft组策略设置参考(注册表项列表):
http://www.microsoft.com/en-us/download/details.aspx?id=25250http://www.microsoft.com/en-us/download/details.aspx?id=25250
Step 2 第2步
- Get the policy registry location from the Spreadsheet 从电子表格获取策略注册表位置
egHKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient!AppendToMultiLabelName例如HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient!AppendToMultiLabelName
Step 3 第三步
- Use the
reg addcommand to edit the values as you need使用reg add命令根据需要编辑值
eg@reg add "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f例如@reg add "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f
Note 注意
- You may need to edit the GPO registry key in both the
MachineandUsersection of the registry along with theWOWsection.您可能需要在注册表的“ Machine和“User部分以及“WOW部分中编辑GPO注册表项。
eg@reg add "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & @reg add "HKLM\\Software\\Wow6432Node\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & @for /f "delims=" %A in ('reg query "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects" /k /f "*Machine" ^| find /i "HKEY"') do @reg add "%~A\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & @reg add "%~A\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f例如@reg add "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & @reg add "HKLM\\Software\\Wow6432Node\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & @for /f "delims=" %A in ('reg query "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects" /k /f "*Machine" ^| find /i "HKEY"') do @reg add "%~A\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & @reg add "%~A\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f
Breakdown of example: 细分示例:
- Update the value in the default location 在默认位置更新值
- Update the value in the secondary location for 64-bit OS 更新64位OS的辅助位置中的值
- Loop through the User GPOs 遍历用户GPO
- Update the value based on the default location 根据默认位置更新值
- Update the value based on the secondary location for 64-bit OS 根据64位OS的辅助位置更新值
- Update the value based on the default location
- Loop through the User GPOs
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.