stackoom
  简体   繁体   中英

Edit a GPO with a script

 原文  2014-10-20 17:22:40       windows/ batch-file/ windows-7

Question

Is it possible to use a batch file to edit a local GPO ?

What I am exactly trying to do:

  • I want to create a "New Software Restriction Policies".
  • Change a parameter value in the "Enforcement".
  • Add a new path rule with a specific path.

I am not looking for you to create the script. I just want to know if this is possible to do it with a batch file & and some idea to help me start with this task.

This procedure is not really complicated and can be done manually. Given that I have to apply these change for a lot of computer, I am looking for a fastest way than doing it from the "gpedit.msc".

1 answers

solution1
 2 ACCPTED  2014-10-20 17:31:17

Yes , it is possible to edit the local GPO using a Batch script. Simply manipulate the GPO by editing the registry keys. Note: Depending upon the GPO setting changed through the registry, you may need to log the user off before the change takes effect.

Step 1

Step 2

  • Get the policy registry location from the Spreadsheet
    eg HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient!AppendToMultiLabelName

Step 3

  • Use the reg add command to edit the values as you need
    eg @reg add "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f

Note

  • You may need to edit the GPO registry key in both the Machine and User section of the registry along with the WOW section.
    eg @reg add "HKLM\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & @reg add "HKLM\\Software\\Wow6432Node\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & @for /f "delims=" %A in ('reg query "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects" /k /f "*Machine" ^| find /i "HKEY"') do @reg add "%~A\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & @reg add "%~A\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f

Breakdown of example:

  • Update the value in the default location
  • Update the value in the secondary location for 64-bit OS
    • Loop through the User GPOs
      • Update the value based on the default location
      • Update the value based on the secondary location for 64-bit OS

Source

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Install Fusioninventory with .bat, with GPO Policy script GPO Run powershell startup script without waiting for it Register-WmiEvent Powershell script as a local GPO - Control USB how to Elevating Privileges for Chkdsk in a mass batchfile/Powershell script in a GPO Hide outlook 2016 icon from start menu using GPO or Script How to run logon .bat script by GPO with domain users Invoke command error, trying to get linked GPO's from specific OU from dc by script DSC used to configure GPO? Windows Firewall GPO Precedence Create SymLink with GPO
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM