GPO Script

Posted on 2012-09-14
Last Modified: 2013-01-21
I want to write a BAT file or some kind of script to configure settings in Group policies, changing the setting to enables,disables,etc.... Can anyone tell me how to do this? We have multiple client servers that need changes to the GPO that I want to automate if possible. For example I want to accomplish the following in a script of some sort...

1.      Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.
2.      Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure.
3.      In the details pane, double-click Windows Firewall: Allow remote administration exception.
4.      In the Windows Firewall: Allow remote administration exception properties dialog box, on the Settings tab, click Enabled or Disabled.
5.      In the details pane, double-click Windows Firewall: Define port exceptions.
6.      In the Windows Firewall: Define port exceptions properties dialog box, on the Settings tab, click Enabled or Disabled.
7.      Next click Show and Add the following for the correct subnet - Registry   or   *:enabled:Remote Registry
8.      gpupdate /force

Windows 2003 - Windows Firewall: Allow remote administration exception
                              Windows Firewall: Define port exceptions

Windows 2008 - Windows Firewall: Allow inbound remote administration exception
                               Windows Firewall: Define inbound port exceptions
Question by:aando
    LVL 53

    Expert Comment

    I've requested that this question be deleted for the following reason:

    The question has either no comments or not enough useful information to be called an "answer".
    LVL 2

    Accepted Solution


    there exists two methods to do this:
    1. as a quick and dirty one:
    the group policy is loaded at the registry, so it's possible to set the registry value and then the policy would be used.
    --> BUT these policies were not shown at the GPO-Editor (and if there are some settings at GPO-Editor abd at Registry it can causes problems)

    2. This is a little bit more complicated:
    The group policy are stored in .pol files. These files can be found at
    C:\Windows\System32\GroupPolicy\user\Registry.pol   <-- user specific group policies
    C:\Windows\System32\GroupPolicy\machine\Registry.pol <-- machine specific group policies

    There exists a vbscript "readpol.vbs" which can read and write these files from text-files (you can find it: )
    We use this script to read the settings, use another script to change the returned txt file and set the new settings and then we use readpol.vbs again to set the settings.
    LVL 2

    Expert Comment


    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    How to remove superseded packages in windows w60 or w61 installation media (.wim) or online system to prevent unnecessary space. w60 means Windows Vista or Windows Server 2008. w61 means Windows 7 or Windows Server 2008 R2. There are various …
    A short article about a problem I had getting the GPS LocationListener working.
    Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
    In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now