Is it possible to use a batch file to edit a local GPO ?
What I am exactly trying to do:
I want to create a "New Software Restriction Policies".
Change a parameter value in the "Enforcement".
Add a new path rule with a specific path.
I am not looking for you to create the script. I just want to know if this is possible to do it with a batch file & and some idea to help me start with this task.
This procedure is not really complicated and can be done manually. Given that I have to apply these change for a lot of computer, I am looking for a fastest way than doing it from the "gpedit.msc".
Yes, it is possible to edit the local GPO using a Batch script. Simply manipulate the GPO by editing the registry keys. Note: Depending upon the GPO setting changed through the registry, you may need to log the user off before the change takes effect.
Step 1
Download the Microsoft Group Policy Setting Reference (Registry Keys List):
http://www.microsoft.com/en-us/download/details.aspx?id=25250
Step 2
Get the policy registry location from the Spreadsheet
e.g. HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!AppendToMultiLabelName
Step 3
Use the reg add command to edit the values as you need
e.g. #reg add "HKLM\Software\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f
Note
You may need to edit the GPO registry key in both the Machine and User section of the registry along with the WOW section.
e.g. #reg add "HKLM\Software\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & #reg add "HKLM\Software\Wow6432Node\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & #for /f "delims=" %A in ('reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects" /k /f "*Machine" ^| find /i "HKEY"') do #reg add "%~A\Software\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f & #reg add "%~A\Software\Policies\Microsoft\Windows NT\DNSClient" /v AppendToMultiLabelName /t REG_DWORD /d 1 /f
Breakdown of example:
Update the value in the default location
Update the value in the secondary location for 64-bit OS
Loop through the User GPOs
Update the value based on the default location
Update the value based on the secondary location for 64-bit OS
Source
Related
I am trying to change the value of a reg_dword entry: start in location: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidserv
to value 2.
I tried already exacting code from several sites, nothing works and I am launching it as admin:
REG.exe ADD "Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidserv" /t REG_DWORD /v Start /d 2 /f
REG ADD "Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidserv" /t REG_DWORD /v Start /d 2 /f
REG.exe ADD "Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidserv" /v "Start" /t REG_DWORD /d 2 /f
On every site there was information with slight difference, but i don't think order matter, maybe "".
What is the correct syntax for adding a registry value as described above?
Your problem is the Computer.
Indeed, the order of the options does not matter. Also it doesn't matter if you call REG or REG.exe.
Usually, the inbuilt help is also your friend:
reg add /?
Which tells you that Computer is the (network) name of the remote computer and can be omitted to use the current (local) computer as default.
This line works fine (as any other of yours without the Computer\:
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidserv" /t REG_DWORD /v Start /d 3 /f
Offtopic: Check out the other networks of stackexchange. I'd think this question would be more suitable for https://superuser.com/.
Using windows, I'd like to know if there is some way to change proxy configuration by modifying the Windows registry through command line.
As said here, you can always do:
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
or
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
This does uncheck the proxy option (see image). However, it does not applies the changes in the system. In other words, you get the option to be checked/unchecked, but it won't be applied unless you don't enter manually in the dialog and press "Accept".
Does anyone know what command makes it work straightforward?
I'm trying to edit the Registry value using a batch file, this is what I currently have:
#echo off
reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer" /v "1" /t REG_SZ /d "DisableThumbsDBOnNetworkFolders" /f
pause
This is what I'm trying to edit:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ Explorer]
DisableThumbsDBOnNetworkFolders REG_DWORD 0x00000001
I want to set the value to 1 (0x00000001) (By default it's 0x00000000)
But my cmd file creates another value named DisableThumbsDBOnNetworkFolders .
What did I do wrong?
You have a couple problems.
The /v parameter is the value name, in your case DisableThumbsDBOnNetworkFolders, and the /d parameter should be the actual value.
It looks like DisableThumbsDBOnNetworkFolders is a REG_DWORD, but you are specifying it as REG_SZ with the /t parameter.
Try this command:
REG ADD "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer" /v "DisableThumbsDBOnNetworkFolders" /t REG_DWORD /d 1 /f
I want to disable a standard user from accessing the task manager. With gpedit.msc this works without problems, but I need to do this from the Windows registry. I already tried assigning 1 to the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DiableTaskMgr, but it is not working.
I use a bat file:
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableChangePassword /t REG_DWORD /d 1 /f
taskkill /IM explorer.exe /F
I have a script that runs (without error) to change the desktop wallpaper. The only problem is that it doesn't change the wallpaper. The registry entry is changed appropriately, so that bits working. Just the reloading is not working.
:: Configure Wallpaper
REG ADD "HKCU\Control Panel\Desktop" /V Wallpaper /T REG_SZ /F /D "C:\Users\greynolds\AppData\Roaming\APOD Wallpaper\apod_wallpaper1.png"
REG ADD "HKCU\Control Panel\Desktop" /V WallpaperStyle /T REG_SZ /F /D 0
REG ADD "HKCU\Control Panel\Desktop" /V TileWallpaper /T REG_SZ /F /D 2
:: Make the changes effective immediately
%SystemRoot%\System32\RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
UpdatePerUserSystemParameters is a undocumented function AFAIK
ReactOS defines it as: BOOL WINAPI UpdatePerUserSystemParameters(DWORD dwReserved,BOOL Enable)
That function definition means that it is not a function you can call with RunDll32 (You end up passing random parameters to the function)
Here how you call this function but better to use documented API:
RUNDLL32.EXE USER32.DLL,UpdatePerUserSystemParameters 1 True
As of this writing (in my experience) setting up HKCU\Control Panel\Desktop more often would not work.
The best solution is to call win32 api function SystemParametersInfoSetWallpaper - it works every time. I found this powershell module/snippet to be quite helpful https://gallery.technet.microsoft.com/scriptcenter/Change-window-borderdesktop-609a6fb2