• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 928
  • Last Modified:

GPO Script

I want to write a BAT file or some kind of script to configure settings in Group policies, changing the setting to enables,disables,etc.... Can anyone tell me how to do this? We have multiple client servers that need changes to the GPO that I want to automate if possible. For example I want to accomplish the following in a script of some sort...

1.      Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.
2.      Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure.
3.      In the details pane, double-click Windows Firewall: Allow remote administration exception.
4.      In the Windows Firewall: Allow remote administration exception properties dialog box, on the Settings tab, click Enabled or Disabled.
5.      In the details pane, double-click Windows Firewall: Define port exceptions.
6.      In the Windows Firewall: Define port exceptions properties dialog box, on the Settings tab, click Enabled or Disabled.
7.      Next click Show and Add the following for the correct subnet - Registry   or   *:enabled:Remote Registry
8.      gpupdate /force

Windows 2003 - Windows Firewall: Allow remote administration exception
                              Windows Firewall: Define port exceptions

Windows 2008 - Windows Firewall: Allow inbound remote administration exception
                               Windows Firewall: Define inbound port exceptions
  • 2
1 Solution
I've requested that this question be deleted for the following reason:

The question has either no comments or not enough useful information to be called an "answer".

there exists two methods to do this:
1. as a quick and dirty one:
the group policy is loaded at the registry, so it's possible to set the registry value and then the policy would be used.
--> BUT these policies were not shown at the GPO-Editor (and if there are some settings at GPO-Editor abd at Registry it can causes problems)

2. This is a little bit more complicated:
The group policy are stored in .pol files. These files can be found at
C:\Windows\System32\GroupPolicy\user\Registry.pol   <-- user specific group policies
C:\Windows\System32\GroupPolicy\machine\Registry.pol <-- machine specific group policies

There exists a vbscript "readpol.vbs" which can read and write these files from text-files (you can find it: )
We use this script to read the settings, use another script to change the returned txt file and set the new settings and then we use readpol.vbs again to set the settings.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now