This is the 2nd part of automating Local Group Policies.
In this post you will learn how to:
- Configure Local Group Policies
Use the commands below to check what has been set.
Examples of use:
Check the Local Policy restrictions already set for the machine:
Get-PolicyFileEntry -Path C:\Windows\System32\GroupPolicy\Machine\Registry.pol -All
Check the Local Policy restrictions already set for the users:
Get-PolicyFileEntry -Path C:\Windows\System32\GroupPolicy\User\Registry.pol -All
Now we can export these settings to an .xml file using this command:
Get-PolicyFileEntry -Path C:\Windows\System32\GroupPolicy\Machine\Registry.pol -All | Export-Clixml -Path C:\MachinePolicy.xml
The same trick works for the user policy.
Finally, once we have prepared the .xml files with policy restrictions for the machine/users, we can apply them to another computer using the script below:
Import-Module -Name PolicyFileEditor

# User policy: write every exported entry into the target Registry.pol
$UserDir = 'C:\Windows\System32\GroupPolicyUsers\S-1-5-32-545\User\registry.pol'
$UserPols = Import-Clixml -Path 'PATH\TO\EXPORTED\USER\POLICY\UsersPolicy.xml'
foreach ($UserPol in $UserPols)
{
    $UserPol | Set-PolicyFileEntry -Path $UserDir
}

# Machine policy: same procedure with the machine Registry.pol
$MachineDir = 'C:\Windows\System32\GroupPolicy\Machine\registry.pol'
$MachinePols = Import-Clixml -Path 'PATH\TO\EXPORTED\MACHINE\POLICY\MachinePolicy.xml'
foreach ($MachinePol in $MachinePols)
{
    $MachinePol | Set-PolicyFileEntry -Path $MachineDir
}
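After the import it is worth confirming that the target computer really holds the exported settings and nothing else. The check below is an added example, not code from the original post or from the PolicyFileEditor project; Compare-PolicyBaseline is a hypothetical helper name, and it assumes the entries carry the Key, ValueName, Type and Data properties that the export/import above relies on.

```powershell
Import-Module -Name PolicyFileEditor

# Hypothetical helper (not part of PolicyFileEditor): reports differences between
# an exported baseline (.xml) and the Registry.pol currently on this computer.
function Compare-PolicyBaseline {
    param(
        [Parameter(Mandatory)] [string] $BaselineXml,
        [Parameter(Mandatory)] [string] $PolPath
    )

    # Index entries by "Key\ValueName" (registry names are case-insensitive) and
    # flatten Type/Data to one string so imported and live objects compare equal.
    $toTable = {
        param($entries)
        $table = @{}
        foreach ($e in $entries) {
            $id   = ('{0}\{1}' -f $e.Key, $e.ValueName).ToLowerInvariant()
            $kind = [Microsoft.Win32.RegistryValueKind] $e.Type
            $table[$id] = '{0}:{1}' -f $kind, (@($e.Data) -join ',')
        }
        $table
    }

    $expected = & $toTable (Import-Clixml -Path $BaselineXml)
    $actual = if (Test-Path -LiteralPath $PolPath) {
        & $toTable (Get-PolicyFileEntry -Path $PolPath -All)
    } else { @{} }   # no Registry.pol yet: every baseline entry is missing

    foreach ($id in $expected.Keys) {
        if (-not $actual.ContainsKey($id)) {
            [pscustomobject]@{ Status = 'Missing'; Entry = $id; Expected = $expected[$id]; Actual = $null }
        } elseif ($actual[$id] -cne $expected[$id]) {
            [pscustomobject]@{ Status = 'Changed'; Entry = $id; Expected = $expected[$id]; Actual = $actual[$id] }
        }
    }
    foreach ($id in $actual.Keys) {
        if (-not $expected.ContainsKey($id)) {
            [pscustomobject]@{ Status = 'Extra'; Entry = $id; Expected = $null; Actual = $actual[$id] }
        }
    }
}

# No output means the machine policy matches the exported baseline.
Compare-PolicyBaseline -BaselineXml 'PATH\TO\EXPORTED\MACHINE\POLICY\MachinePolicy.xml' `
    -PolPath 'C:\Windows\System32\GroupPolicy\Machine\registry.pol' | Format-Table -AutoSize
```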
Second way
We can also set restrictions more directly by using .ADMX files. ADMX files are XML text files that describe what you see under Computer Configuration\Policies\Administrative Templates and User Configuration\Policies\Administrative Templates in Local Group Policy Editor. They are stored in:
C:\Windows\PolicyDefinitions
For example: Desktop.admx
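Import-Module -Name PolicyFileEditor

# Registry.pol locations, as used in the import script above
$MachineDir = 'C:\Windows\System32\GroupPolicy\Machine\registry.pol'
$UserDir = 'C:\Windows\System32\GroupPolicyUsers\S-1-5-32-545\User\registry.pol'

# Registry key, value name, data and type of the policy to set
$RegPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$RegName = 'NoPropertiesRecycleBin'
$RegData = '0'
$RegType = 'DWord'

# Pass $UserDir as -Path instead to write the entry to the users' policy file
Set-PolicyFileEntry -Path $MachineDir -Key $RegPath -ValueName $RegName -Data $RegData -Type $RegType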
This post is inspired by Mr. Brandon Padgett.