[英]Unable to update group policy(local gpo) status to "Not Configured" using Powershell
With PowerShell, by updating corresponding registry keys we can able to toggle the local GPO status to "Enabled" or "Disabled", but I have a specific requirement to make sure that certain local GPOs are set to "Not configured".使用 PowerShell,通过更新相应的注册表项,我们可以将本地 GPO 状态切换为“已启用”或“已禁用”,但我有一个特定要求,以确保将某些本地 GPO 设置为“未配置”。 Tried deleting corresponding registry keys but it didn't help.尝试删除相应的注册表项,但没有帮助。
Is there any way to achieve this in PowerShell?有没有办法在 PowerShell 中实现这一点?
If I run Local Group Policy Editor
( gpedit.msc
) as Administrator
and set the Computer Configuration\\Administrative Templates\\System\\Removable Storage Access\\Removable Disks: Deny write access
policy to Enabled
or Disabled
, according toProcess Monitor
that is actually setting the Deny_Write
value at HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{GUIDGUID-GUID-GUID-GUID-GUIDGUIDGUID}Machine\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
.如果我以Administrator
身份运行Local Group Policy Editor
( gpedit.msc
) 并设置Computer Configuration\\Administrative Templates\\System\\Removable Storage Access\\Removable Disks: Deny write access
policy 为Enabled
或Disabled
,根据实际设置的Process Monitor
Deny_Write
值位于HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{GUIDGUID-GUID-GUID-GUID-GUIDGUIDGUID}Machine\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
.
If I modify, delete, or rename that Deny_Write
value as Administrator
then I see the change reflected in Local Group Policy Editor
when I edit/reopen that policy.如果我以Administrator
Deny_Write
修改、删除或重命名Deny_Write
值,那么当我编辑/重新打开该策略时,我会看到Local Group Policy Editor
反映的更改。 I'm not exactly certain how it is that a machine policy is being set under a user's registry;我不确定如何在用户注册表下设置机器策略; perhaps there's a symbolic link or loaded hive at play.也许有一个符号链接或加载的蜂巢在起作用。 Process Monitor
indicates that C:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol
is also modified at the time I set the policy, so that must be the underlying storage for Group Policy
-based registry changes. Process Monitor
表明C:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol
在我设置策略时也被修改,因此它必须是基于Group Policy
的注册表更改的底层存储。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.