堆栈内存溢出
  简体   繁体   English

无法使用 Powershell 将组策略(本地 gpo)状态更新为“未配置”

[英]Unable to update group policy(local gpo) status to "Not Configured" using Powershell

 原文  2020-03-31 04:05:25       windows/ powershell/ gpo

问题描述

With PowerShell, by updating corresponding registry keys we can able to toggle the local GPO status to "Enabled" or "Disabled", but I have a specific requirement to make sure that certain local GPOs are set to "Not configured".使用 PowerShell,通过更新相应的注册表项,我们可以将本地 GPO 状态切换为“已启用”或“已禁用”,但我有一个特定要求,以确保将某些本地 GPO 设置为“未配置”。 Tried deleting corresponding registry keys but it didn't help.尝试删除相应的注册表项,但没有帮助。

Is there any way to achieve this in PowerShell?有没有办法在 PowerShell 中实现这一点?

1 个解决方案

解决方案1
 0 已采纳  2020-03-31 05:24:41

If I run Local Group Policy Editor ( gpedit.msc ) as Administrator and set the Computer Configuration\\Administrative Templates\\System\\Removable Storage Access\\Removable Disks: Deny write access policy to Enabled or Disabled , according toProcess Monitor that is actually setting the Deny_Write value at HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{GUIDGUID-GUID-GUID-GUID-GUIDGUIDGUID}Machine\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} .如果我以Administrator身份运行Local Group Policy Editor ( gpedit.msc ) 并设置Computer Configuration\\Administrative Templates\\System\\Removable Storage Access\\Removable Disks: Deny write access policy 为EnabledDisabled ,根据实际设置的Process Monitor Deny_Write值位于HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{GUIDGUID-GUID-GUID-GUID-GUIDGUIDGUID}Machine\\Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} .

If I modify, delete, or rename that Deny_Write value as Administrator then I see the change reflected in Local Group Policy Editor when I edit/reopen that policy.如果我以Administrator Deny_Write修改、删除或重命名Deny_Write值,那么当我编辑/重新打开该策略时,我会看到Local Group Policy Editor反映的更改。 I'm not exactly certain how it is that a machine policy is being set under a user's registry;我不确定如何在用户注册表下设置机器策略; perhaps there's a symbolic link or loaded hive at play.也许有一个符号链接或加载的蜂巢在起作用。 Process Monitor indicates that C:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol is also modified at the time I set the policy, so that must be the underlying storage for Group Policy -based registry changes. Process Monitor表明C:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol在我设置策略时也被修改,因此它必须是基于Group Policy的注册表更改的底层存储。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 PowerShell 编辑本地组策略 - How to Edit Local Group Policy using PowerShell Windows Server AD 2022 - 使用 PowerShell 通过 GPO 将域用户添加到本地组“远程桌面用户” - Windows Server AD 2022 - Add a domain user to the local group "Remote Desktop Users" via GPO using PowerShell 通过.NET \\ C#使用组策略对象(GPO) - Using Group Policy Object (GPO) via .NET\C# 用本地策略覆盖默认域GPO - Override default domain GPO with local policy 使用VBScript查询本地组策略 - Querying Local Group Policy using VBScript "如何使用 PowerShell + GPO 在文件夹内搜索" - How to search inside folder using PowerShell + GPO 将WmiEvent Powershell脚本注册为本地GPO-控制USB - Register-WmiEvent Powershell script as a local GPO - Control USB Windows - Powershell - 配置“本地组策略编辑器 >... > 帐户锁定策略 > 帐户锁定阈值 > 无效登录尝试” - Windows - Powershell - Configure "Local Group Policy Editor > ... > Account Lockout Policy > Account lockout threshold > invalid logon attempts" 错误:使用组策略运行 Powershell 启动脚本时出现 CallDepthOverflow - Error: CallDepthOverflow when running Powershell startup scripts using Group Policy 使用Powershell向本地用户添加本地组时出错 - Error while adding a local group to local user using powershell
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM