• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 910
  • Last Modified:

GPO Script

I want to write a BAT file or some kind of script to configure settings in Group policies, changing the setting to enables,disables,etc.... Can anyone tell me how to do this? We have multiple client servers that need changes to the GPO that I want to automate if possible. For example I want to accomplish the following in a script of some sort...


1.      Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.
2.      Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure.
3.      In the details pane, double-click Windows Firewall: Allow remote administration exception.
4.      In the Windows Firewall: Allow remote administration exception properties dialog box, on the Settings tab, click Enabled or Disabled.
5.      In the details pane, double-click Windows Firewall: Define port exceptions.
6.      In the Windows Firewall: Define port exceptions properties dialog box, on the Settings tab, click Enabled or Disabled.
7.      Next click Show and Add the following for the correct subnet -192.168.1.0/24:enabled:Remote Registry   or   *:enabled:Remote Registry
8.      gpupdate /force

Locations
Windows 2003 - Windows Firewall: Allow remote administration exception
                              Windows Firewall: Define port exceptions

Windows 2008 - Windows Firewall: Allow inbound remote administration exception
                               Windows Firewall: Define inbound port exceptions
0
aando
Asked:
aando
  • 2
1 Solution
 
DhaestCommented:
I've requested that this question be deleted for the following reason:

The question has either no comments or not enough useful information to be called an "answer".
0
 
thombeckCommented:
Hi,

there exists two methods to do this:
1. as a quick and dirty one:
the group policy is loaded at the registry, so it's possible to set the registry value and then the policy would be used.
--> BUT these policies were not shown at the GPO-Editor (and if there are some settings at GPO-Editor abd at Registry it can causes problems)

2. This is a little bit more complicated:
The group policy are stored in .pol files. These files can be found at
C:\Windows\System32\GroupPolicy\user\Registry.pol   <-- user specific group policies
C:\Windows\System32\GroupPolicy\machine\Registry.pol <-- machine specific group policies


There exists a vbscript "readpol.vbs" which can read and write these files from text-files (you can find it: )
We use this script to read the settings, use another script to change the returned txt file and set the new settings and then we use readpol.vbs again to set the settings.
0
 
thombeckCommented:
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now