How Do I Change Local Policy Settings via a batch file or script file?

Posted on 2004-09-10
Medium Priority
Last Modified: 2012-06-21
I have a mix of Win9x, 2000, and XP Pro machines on our NT Network. I have set local computer policies by: (in Win9x, using Policy Editor; in W2K & XP, using the MMC).

This is a rather tedious process that I have to go through whenever I need to access the machine to do a task.

Is there a way, via a batch file or script, that I can run that will release all the polices on the local computer so that now there aren't any policies, make my changes, then reapply the policies back after I am done?

For example, a policy is set to remove the "Run" command from the start menu.

On a Win9x computer, use Policy Editor on the Local Computer\Windows 98 System\Shell\Restrictions\Remove "Run" Command is checked. On the W2K/XP computer, you would navigate to Local Computer Policy\Admistrative Template\Start Menu & Taskbar\Desktop and "Enable" - Remove Rum Command from Start Menu.

Any help would be appreciative.

Thanks in advance.
Question by:mperez1216
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
LVL 17

Expert Comment

by:Jared Luker
ID: 12035679
Almost every setting in policy's are simply easy ways to tweak registrys.  If you could find out what keys get modified by that particular policy, then you could batch or script a way to change those settings, log out, back in, change what you want, and then reboot so that the policy would take hold again.

For example to disable the run line (from http://silverstr.ufies.org/blog/archives/000257.html)

Remove Run from the Start Menu

Value Name: NoRun
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)

The policy's make things easy, but things can be controlled this way as well.

Personally, I'd lose the 98 machines! : )

Good luck,


Author Comment

ID: 12075194
But, how would you make these changes via a batch file. Do you use the regedit command with a parameter switch?

Or would it be easier to create a vb script to make the change. I have some familiarity with creating a batch file, but no familiarity with creating a vb script.

Is there a link that you can provide besides the one you mentioned. It appeared that the link provided a way to make changes via the registry editor, not a batch or script.

As you said, I want to be able to open a command prompt, run the batch to unlock the pc, do what I need to do, run the batch again to relock the pc, and walk away.

Expert Comment

ID: 12120355
I prefer to use REGINI to do this.

You would need to create a file with the settings you want and then use REGINI in the logon script to import the settings.

Keep in mind that the settings will only take effect at the next logon. If you want to get around this, you will have to find a way of running it before Explorer loads. This is easy on Terminal server but I'm not sure about normal workstations.
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

LVL 17

Expert Comment

by:Jared Luker
ID: 12122193
If you are not familiar with vb script, then you can use regedit /s with the above information to silently import the reg file to the machine via login scripts.


Author Comment

ID: 12359748
Sorry for delay in getting back to you (all). I used the example quoted by jared and created two files; one to do the change and one to reset it back and it seemed to work.

But then I came across the following: Are the registry entries the same for both 2000 pro and XP pro? And what about a system that was upgraded to XP Pro?

Is there somewhere where I can find the registry entries to all the settings found in MMC/Local Computer Policy/Administrative Templates/all of the subfolders that I can copy into a reg file?

These are the items that I am interested in controlling. Nothing else.

Dumb question: If I used the MMC to "lock" down a pc and save the file to "Console1" (which is the default file name), can I take this file to another pc running the same os and apply the settings just by opening and closing the file?

Author Comment

ID: 12786611
Still waiting for reply to my posting from October ( I know it's December now. Halloween and Thanksgiving were hectic).

But I am genuinely interested in being able to open a script on any machine that will "unlock or open" the machine to me (as admin), do what I have to do, then run the script again to "lockdown or close" the machine to what it was prior to me touching it.

If there is a site that can point me to ALL the settings found in the MMC, that would be great. I can enter all the registry entries in a reg file and when I need to "unlock" the pc, I can just run this. Another reg file "locks" it back up.

Author Comment

ID: 12786625
Point value increased
LVL 17

Accepted Solution

Jared Luker earned 800 total points
ID: 12787212
You can save those settings to a security template (saved as an .inf file).  You can then go to each machine and import that .inf into the local security policy editor.

Here is how to export your security policies:


To answer your question about the regisry in 2000 and XP, they are MOSTLY the same.  The best way to find out what you are chaning in the regisry is to go and get a utility called Install Watch Pro (www.epsilonsquared.com).  Install watch is free.

Take a snapshot of your system and then make a change and then rescan and it will tell you what registry changes had been made.

LVL 17

Expert Comment

by:Jared Luker
ID: 13320828

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello I read in a discussion about a person who configured a very simple mirror RAID with two hard drives; the system and data were on the same partition. He asked how to repair the system as it was not booting up anymore. In his case running …
In this article we will discuss all things related to StageFright bug, the most vulnerable bug of android devices.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question