Sunday, May 6, 2018

Windows Group Policy - Can I alter with VBscript?




First of all, I'm not an expert in either Windows or Group Policy scripting, but one of my tasks is to configure XP machines which are destined to be NOT networked. Consequently I've used VBScript to change Registry settings, but now I have some settings in the Group Policy which I currently configure by hand and want to script or automate in some way.



Could anyone tell me if I can make changes to the Group Policy using VBscript or do I need to use something else?



I found this page which outlines some possibilities, but there's not much detail and I can't yet find follow-up articles.



** Additional Information **



Using gpedit.msc I currently manually set the following settings in the GUI:





  1. Computer Configuration > Administrative Templates > System > Logon > Always wait for the network at computer startup and logon

  2. Computer Configuration > Administrative Templates > System > Turn Off Autoplay

  3. Computer Configuration > Windows Settings > Security Settings > User Rights Assignment > Access this computer from the network

  4. Computer Configuration > Windows Settings > Security Settings > User Rights Assignment > Deny access to this computer from the network

  5. Computer Configuration > Windows Settings > Security Settings > User Rights Assignment > Deny logon locally

  6. Computer Configuration > Windows Settings > Security Settings > User Rights Assignment > Logon Locally

  7. Computer Configuration > Windows Settings > Security Settings > Security Options > Network access: Shares that can be accessed from the network




I want to be able to script these changes using VBScript or some other means (.NET perhaps?)



I have found that for a couple of the above settings I can alter them directly in the registry but the changes are not seen in the Group Policy editor (gpedit.msc)


Answer



It's possible, yes.



Not really advisable, because the supported and recommended way to do this is through the gpedit.msc tool (or GPOs on a domain). As a result, doing it with a script is semi-documented at best, and you do run into some oddities trying.



If you're still determined to try, these settings are really just registry keys. If you can figure out which keys are changed, it's trivial to script something up to import all those registry keys and end up with the desired configuration. I'd just use a batch file, honestly.




The problem you'll run into, however, is that these changes need to be saved to %SYSTEM ROOT%\System32\GroupPolicy\User\Registry.pol to be enforced as local group policy, and I don't know of a good scripted solution to that, so the common workaround is to set this up the way you want on a second machine, and copy the %SYSTEM ROOT%\System32\GroupPolicy\User folder and files to your target machines.



I personally find the whole thing to be such a pain that I'd rather set up a small domain than go through that process to automate applying local group policy.
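
The answer above describes Registry.pol as the file local Group Policy enforces and suggests copying it from a reference machine. The following Python example is added here and is not part of the original answer: it reads the PReg layout (an 8-byte header followed by `[key;value;type;size;data]` entries in UTF-16LE) so the contents of a copied file can be checked before deployment. The sample entries, including their key and value names, are constructed for illustration.

```python
import struct

ENC = "utf-16-le"                        # strings and delimiters are UTF-16LE
HEADER = b"PReg" + struct.pack("<I", 1)  # signature, then format version 1
REG_DWORD = 4
SAMPLE = [  # constructed entries; key and value names are assumptions
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",
     "NoDriveTypeAutoRun", REG_DWORD, 255),
    (r"Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "SyncForegroundPolicy", REG_DWORD, 1),
]

def build_pol(entries):
    """Serialize (key, value, type, dword) tuples as [key;value;type;size;data]."""
    out = bytearray(HEADER)
    for key, value, rtype, dword in entries:
        out += f"[{key}\0;{value}\0;".encode(ENC)
        out += struct.pack("<IHIHIH", rtype, ord(";"), 4, ord(";"), dword, ord("]"))
    return bytes(out)

def expect(buf, pos, ch):  # require delimiter ch at pos; return offset past it
    if buf[pos:pos + 2] != ch.encode(ENC):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def read_str(buf, pos):  # NUL-terminated UTF-16LE string -> (text, offset past NUL)
    end = pos
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\0\0":
        end += 2
    return buf[pos:end].decode(ENC), expect(buf, end, "\0")

def parse_pol(buf):
    """Return (key, value, type, data) per entry; raise ValueError if malformed."""
    if buf[:8] != HEADER:
        raise ValueError("not a version 1 Registry.pol file")
    pos, entries = 8, []
    while pos < len(buf):
        key, pos = read_str(buf, expect(buf, pos, "["))
        value, pos = read_str(buf, expect(buf, pos, ";"))
        pos = expect(buf, pos, ";")
        rtype = int.from_bytes(buf[pos:pos + 4], "little")
        pos = expect(buf, pos + 4, ";")
        size = int.from_bytes(buf[pos:pos + 4], "little")
        pos = expect(buf, pos + 4, ";")
        data = buf[pos:pos + size]
        pos = expect(buf, pos + size, "]")  # also fails if data is shorter than size
        if rtype == REG_DWORD and size == 4:
            data = int.from_bytes(data, "little")
        entries.append((key, value, rtype, data))
    return entries
```

To inspect a real file, read it in binary mode and pass the bytes to `parse_pol`.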

