Link to home
Start Free TrialLog in
Avatar of boiseitllc
boiseitllcFlag for United States of America

asked on

Enforce Group Policy on multiple computers without Active Directory or Server

I have a group of 10 computers on a Peer to Peer network, I want to force some policies (mainly internet explorer, network connectivity and desktop appearance) to these computers.  I know that I can do it one by one without any problem by editing the group policy individually on each computer, what i would like to do, however, is have the group policy in tact (or registry settings) and just hit each computer quickly and force the policy.  Can a canned policy that I put on one computer be quickly replicated on each of the other machines without having to manually open the computer's group policy editor and manually changing every setting?  I understand that I would need to touch every machine to apply it, but just want an easier solution.

In a perfect world, I would have a file on at flash drive, apply that file to the machine and all the policies would take effect.

Reminder: I am not on a windows domain, just a Peer to Peer network.
Avatar of johnb6767
Flag of United States of America image

You can export the needed settings to a simple login script, that will enforce them on logon. But a savvy user will be able to use regedit to reverse anything there..... Even a Non Admin in some cases.....

Do you know which reg settings need to be applied?
Avatar of boiseitllc


I'm not all that worried about savy users here, just want the settings applied and locked.

Settings I am wanting to apply are as follows...

Set Desktop Wallpaper to a specific file.
Set Home Page in IE
Turn off ability to do the following...
   Delete Browsing History and Change Browsing History Settings
   Delete Browsing History on Exit
   Set IE Home Page
   Set or Change Proxy
   Add 4 URL's to Favorites Bar
Avatar of johnb6767
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Now you could also use HKLM settings if the following is in place.... (for the IE policies)

Then a non admin cant change them.....

REM 0 is user settings, 1 is MACHINE settings
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "Security_HKLM_only" /t reg_dword /d "0x1" /f

Open in new window

Oh, and the Favorites Bar, just needs .URL shortcuts copied to them here....

So all I need to do is save this information as a .reg file and make the necessary changes and then apply it to the machine (s) right?
Sorry, no... .BAT file.....

Please test this to make sure you get the desired effects before deploying to the other systems though......

Ok.... We're close....

Changed the wallpaper but did not lock it.

Disabled the ability to lock the browsing history but did not turn off the browsing history manual delete section.

Did not change the home page or lock ability to change it

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies" /v "NoDispBackgroundPage" /t reg_dword /d "0x1" /f

Hides the Desktop Tab... Will that work?

BRB with the others....
Hides the General Tab in IE Options....

reg add "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel" /v "GeneralTab" /t reg_dword /d "0x1" /f

Still interested..... Will suggest accepted comments if no response by next CV checkin....