How to change group policy via command line?
Question
I want to update group policy in windows server using command line. I don't want programatic way. I read this & this , and then tried delete registry keys based on the mapping of group policy and registry keys, but the group policy didn't got updated.
Specifically, I want to set Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates to Not configured in group policy.
So, I ran following commands,
C:\Windows\system32>reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduledInstallTime /f
The operation completed successfully.
C:\Windows\system32>reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduledInstallDay /f
The operation completed successfully.
C:\Windows\system32>reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /f
The operation completed successfully.
C:\Windows\system32>reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /f
The operation completed successfully.
But after that the group policy wasn't updated. Do I need to run another command to propagate my registry changes to group policy? If yes, what is it? What am I missing?
I tried, gpupdate /force , it overrided my registry changes. I need converse of this.
4 answers
solution1
7 2016-11-01 08:41:09
How to change group policy from the command line? Voila:
solution2
2 2016-10-03 20:50:34
For group policy objects in a domain, registry-based group policy settings can be configured from the command line using Powershell. If you are not running on a domain controller, the Group Policy Management Console must be installed.
See Group Policy Cmdlets in Windows PowerShell and in particular the Set-GPRegistryValue cmdlet .
You can of course run a Powershell command from the legacy command line, eg,
powershell get-gpregistryvalue -Name gpo-name -Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -ValueName AUOptions
As far as I know, there is no command-line solution for local group policy. For local group policy, see Glenn's answer.
solution3
2 2016-11-03 16:53:42
Set-GPRegistryValue is the way to go here. The problem, which is common, is that you have the GP path and you need to raw data. You can get the raw data (Keypath and value) from the settings spreadsheet, from the ADMX file (if administrative template setting) or from a free tool call registry.pol viewer from GPOGuy.
The commands you put up clean up registry data, these cmdlets don't do that. They add values to the registry.pol file (or registry.xml for GP Preference) stored in the GPO. Those settings are then sent down to target systems and applied to registry. Also, for non-registry based policy and ability to automate settings across local policies search "Group Policy Automation" there is a solution out there you may want to look at.
solution4
0 2022-09-22 09:10:35
Group Policy Settings Reference for Windows and Windows Server
https://www.microsoft.com/en-us/download/details.aspx?id=25250 https://download.microsoft.com/download/8/F/B/8FBD2E85-8852-45EC-8465-92756EBD9365/Windows10andWindowsServer2016PolicySettings.xlsx
Mostly stored in the registry. Find the reference above, then use reg.exe command line to modify them.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.