Edit Group Policy Date

Hello,
I have two different group policies that we use to patch our PCs each month. I don’t have to edit the group policies themselves I need to edit the dates each month, this setting is found if you right click the group policy then edit it, Computer Configuration → Preferences → Control Panel Settings → Scheduled Tasks. Would it be possible to write a script that could edit the dates found there or is that too complex? Thanks!

Ian,
Welcome to the forum. :wave:t4:

That depends pretty much on your knowledge. :wink:

If those policies you’re refering to are registry based you could use

or

If not you could still try to use the cmdlets

to save the settings of the desired GPOs to files, manipulate them there and write them back with either

or

I will give it a shot, thank you very much!

Hey so I think I should be able to make this work, the only problem I am running into is finding the registry values of the group policy settings. I’m in a situation where I cannot use outside resources such as Group Policy Search or some of these other programs. Do you know of any built in way to find registry values or would I just have to manually look through the entire registry and hopefully find them? I found that you can search individual HKEY folders by keyword but every time I put something in it would just say “search has completed” but it wouldn’t return anything.

Maybe this will help. I am pretty sure not all GPO settings can be translated to a registry value, but hopefully, the ones you want are in this reference.

https://docs.microsoft.com/en-us/previous-versions/ms815238(v=msdn.10)?redirectedfrom=MSDN

Let me add some information to my original post, the first group policy is set to run a script to patch our systems 5x so there are 5 dates that I have to go in and manually change every month when we’re ready to patch. Same with the second GPO, it is set to reboot the PCs 3x in between patching so there are 3 dates I have to change in there. I have to go into each policy and change the dates via Computer Configuration → Preferences → Control Panel Settings → Scheduled Tasks. My knowledge of the registry is very very slim but I’ve been doing a lot of reading on it. From what I can gather there should be a key in there that contains those dates and I should be able to pull that key and modify those values via a script… I think…? I apologize for my lack of knowledge I just started as an Admin in July of last year so I’m very new to all this but I’ve been doing a lot of research. I appreciate any help offered. Edit: Maybe I’m taking this way too deep and there’s a much easier way to accomplish this? I have to imagine there is but like I said my knowledge is quite juvenile.

If it’s creating a scheduled task why aren’t you just setting the tasks to repeat monthly?

Because we can’t run them exactly monthly, we have to set up a date with the users and management and it changes all the time. We also don’t get the patches on a specific date, we have one guy who handles them and we get them when we get them, sadly it’s all very sporadic.

Hmmm … that all sounds a little bit hacky. :smirk:

I assume you’re not talking about MSFT Windows patches, right? If it were you should think about using WSUS. It’s free and it’s made for. You can even deploy third party patches or software with it.
IMHO the most professional solution would be to use a software deployment solution like SCCM or something similar.

If you don’t want or cannot use something more professional and since you’re already using locally running scheduled tasks anyway, why not configuring a regularly running scheduled task who checks a centralized item - a shared folder or settings file on a shared folder for existence or for the content? Depending on the existence or the content you could run the according actions. This way you don’t have to reconfigure all computers again and again and again.

Did you try the suggestion I made in my first answer? I mean to backup the desired GPO, manipulate the desired setting in the XML files and restore the changed GPO. I’d expect this to be the least impact on your existing process and still provides some level of automation.

We use WSUS in other areas but it hasn’t been migrated to where I work yet, I’m hoping it will be soon but I believe we are low on the list priority wise. :frowning: I’m working with an air gapped LAN which is why I can’t use any outside resources. I’m in the process of working on your first response, I’m setting up a test server 2016 and all that nonsense so I have a test environment. I appreciate all the help so far and I will keep you apprised of my “progress.”

You can still use WSUS in an air gapped environment. Not as easy as having internet, but you simply export from an online system and import that into your air gapped WSUS. We do that all the time on our larger air gapped networks.

This might also help … but I would think this would be a real pain if there are a lot of system. If there are only a few, this tool might work.

https://download.wsusoffline.net/

I was talking to another admin that I work with yesterday and he just had PDQ implemented in another area and I think I’m going to take that route. I’m definitely still going to be messing around with PowerShell a lot I really enjoy it and I appreciate everyone’s help that contributed to this, I learned a lot!