disable - local security policy

googleuser21 · April 7, 2015, 6:08am

scenario - for certain reasons I have about 30 machines on a workgroup…once a month I have to go to each workstation and uncheck the below items.

go to local computer Policy > Right Click > uncheck disable computer configuration settings and also uncheck disable user configuration settings.

issue:
I don’t see the option to uncheck these items with something like the below using secedit.

secedit /export /cfg c:\secpol.cfg
(gc C:\secpol.cfg).replace(“xxxt = 1”, “xxx = 0”) | Out-File C:\secpol.cfg
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY
rm -force c:\secpol.cfg -confirm:$false

any guidance would be greatly appreciated.

even if its just a registry value it would be great to know where these values are stored.

Much thanks to everyone on this great board!

daniel-krebs · April 7, 2015, 4:56pm

Try to change the Options value in C:\Windows\System32\GroupPolicy\gpt.ini to 0 and reboot at least once to check if it sticks.

[attachment file=“gpt.PNG”]

googleuser21 · April 8, 2015, 1:02am

Daniel,

I know how to change values with powershell within the registry. Is there a way to change with value within an .ini file?

I notice the gpt.ini file has other values so I’d like to only change the option to 0 instead of replacing the entire file.

Your helping IS VERY VERY much appreciated!

Thanks Daniel!

daniel-krebs · April 11, 2015, 5:57pm

Sorry to the delayed reply. The following short script updates the INI file but only changes the Options line.

Param (

    $FilePath = 'C:\Windows\System32\GroupPolicy\gpt.ini',
    $OptionsValue = 0
)

$Content = @(Get-Content -Path $FilePath)
for ($i = 0; $i -lt $Content.Count; $i++) {

    if ($Content[$i].StartsWith('Options=') -and $Content[$i] -ne "Options=$OptionValue") {

        $Content[$i] = "Options=$OptionsValue"
    }
}
$Content | Out-File -Encoding ascii -FilePath $FilePath

googleuser21 · April 13, 2015, 2:07am

Daniel

I created the above script and the file isn’t updated.

Note - I’m not getting any errors either. Do you have any advise?

Thanks so much !

googleuser21 · April 13, 2015, 5:35am

Daniel I figured it out.

the values are case sensitive. for options, within the ini file the O is upper case. Much thanks Daniel.

It would be nice to add some type of output to ensure that the value was successfully change. Any ideas on that?

googleuser21 · April 13, 2015, 5:41am

I just noticed that I can use a foreach statement to run this against multiple workstations, can anyone help me out on this one?

Topic		Replies	Views
Powershell & Local Security Policy Help PowerShell Help	5	225	June 19, 2019
Configure Local GPE state from Powershell script PowerShell Help	2	177	September 3, 2014
Assistance with changing local security policy PowerShell Help	5	179	November 20, 2020
How to edit Local Group Policy by powershell? PowerShell Help	2	256	December 28, 2022
New Request: Operate Local GPO with cmdlet -- I just want my life more easy PowerShell Help	2	170	April 26, 2019

disable - local security policy

Related Topics