I came across your pol file editor and I am trying to make local GOP changes on a Windows 2012 R2 VPS. I have limited Powershell (and Windows) programming experience so my code is based on the examples in this post. Am not getting any errors but am not seeing any changes either. Any ideas? My environment is 2012 R2, with PowerShell 4.0, PowerShell 2.0 Engine, .NET 3.5 (including 2.0/3.0), .NET 4.5 features installed. Any help with this is greatly appreciated.
Other than the -ErrorVariable Stop bit (should be -ErrorAction), I don’t see anything obviously wrong with your code. You can search for a free utility called polviewer.exe to double check that the registry setting you specified was added to the registry.pol file.
Thanks Dave. After taking another look I realized I needed to update the local group policy for the changes to apply. The following lines did the trick.
your c# code is working properly for the current user(administrator) who runs the code… but i want to restrict a specific user, how an administrator can restrict some group policy setting to a specific user … please help me out…
Depends on what version of Windows you’re running. Starting in Server 2008, you can create user-specific local GPOs. If I remember correctly, those go into C:\Windows\System32\GroupPolicyUsers(SID)\registry.pol. Those files can be managed with the same PolFileEditor class as in the example code earlier in this thread; you just pass a different path to LoadFile().
For server 2003, you’re out of luck. There were only a single User and Computer registry.pol file, and no way to apply settings to specific users or groups without using Active Directory GPOs.
Just thinking aloud here, but maybe (aka big disclaimer…) one way you could do this synthetically would be to define the ‘run’ setting for the user policy, configuring it to perform a reg.exe operation on the appropriate key. Also set an ACL on the branch of the registry affected to block/allow as required via in the local policy. Set the permissions to be linked to either local or domain based membership, or just local or domain users. Because the runonce action itself (not the application of the policy setting) should be running in the user context it means the key can be evaluated based on the user logging in and processed accordingly. Would mean you’re a bit goosed if that registry branch contains other keys that you need to be set by policy…
First of all thanks for the script it works as a charm,
Now to my question:
I’m not a powershell master nor a C# master, but i would like to delete a reg entry in the local policy file.
I found the “DeleteValue” in the PolFilEditor.cs but i have tried to use in the powershell script provided here but it does not work.
Do you have any suggestion how-to accomplish this?
hii Dave Wyatt, actually i am using windows 7 professional and it is a stand alone system , in this system there are many users. and if a administrator wants to restrict a specific user how to do that… Initially C:\Windows\System32\GroupPolicyUsers\ contains no file or folder… how to do that… please help me out…
hii Dave Wyatt, actually i am using windows 7 enterprise edition and it is a stand alone system , in this system there are many users. and if a administrator wants to restrict a specific user how to do that… Initially C:\Windows\System32\GroupPolicyUsers\ contains no file or folder… how to do that… please help me out…
My issue:
[i] First of all thanks for the script it works as a charm,
Now to my question:
I’m not a powershell master nor a C# master, but i would like to delete a reg entry in the local policy file.
I found the “DeleteValue” in the PolFilEditor.cs but i have tried to use in the powershell script provided here but it does not work.
Do you have any suggestion how-to accomplish this?[/i]
Is solved, the problem was how i interpreted the code in Pol file.
Hello Dave,
I want to automate a task in Windows server 2012 R2 where we need to enable “Allow DNS Suffix Appending to Unqualified MultiLable Name Query” and “Click on Allow NetBT queries for fully qualified domain name”. This can be found in the path Gpedit.msc – >Computer Configuration ->Administrative Templates ->DNS Client. I tried to change registry keys but it is not reflecting on GUI. As reference to earlier post, I tried with below code, but is not working for me.