set local group policy using a script

Guest

Hi,

Is it possible to set a Local Group policy using WSH (set policy using the
registry is not an option)?

Thanks in advance.

Martin
 
Stew Basterash

Yes...

Create a security template and apply it using Secedit.exe...

Stew Basterash.
 
Guest

Hi,
Thanks for the reply,

So if I want to export gpedit.msc - Computer Configuration - Administrative
Templates - Windows Components - Windows Installer settings, for automatic
implementation on other computers (no AD access), how do I use Secedit for
this?

\Martin
 
george

Create an MMC console and add these snap-ins:
Security Configuration and Analysis
and
Security Templates.
Take one of the (most appropriate) security templates and copy it (i.e.,
right-click it and Save As... with your own name).
Go into this new template and set all the options the way you want them
(eventually on multiple machines) and save the template back to disk.
Now click on Security Configuration and Analysis and follow the instructions
on the right-hand side to create a new database with your required settings
in there.
Then look up the secedit command parameters, notably "secedit
/configure".
Just enter secedit on the command line and follow the help info from there.
This should get you where you want to go.
Hope it wasn't too confusing and helps you further.

george
 
Guest

Hi,
Thanks for the answer,

The settings I want to export and import are not the security settings.

The security settings you see in the "Security Templates" MMC are the same as
in gpedit.msc - Computer Configuration - Windows Settings - Security Settings.

And the policies I want to export and import (automatically) are located in
gpedit.msc - Computer Configuration - Administrative Templates - Windows
Components - Windows Installer settings.

They are not listed in the "Security Templates" MMC!!

The templates for the settings in gpedit.msc - Computer Configuration -
Administrative Templates are stored in .adm files in the %windir%\inf
folder.

But these files are just templates for the policy. I want to know if it is
possible to change these policies "programmatically" by using a script.

\Martin
 
george

I guess, if you know (or can figure out) where these settings go in the
registry (if at all) then it is always possible to set them programmatically
by script (.vbs or .reg or so)

Don't know where they go, however.... :-((

george
 
igor_k

Martin said:
*Hi,

Is it possible to set a Local Group policy using WSH (set policy using the
registry is not an option)?

thanx in advance ..

Martin *

The only way I've found is to invoke ntrights.exe (from the Win2k3
resource kit) from the script.
E.g. something like:

WsShell.Run('ntrights.exe /u user1 +r Se...');

Other approaches did not work for me.
secedit /import requires a database name,
and where am I supposed to get it from?

And the WMI classes for policies were pretty complex to tackle, and when I
finally did, they did not work anyway.

Good luck!
Igor


-
igor_k
 
george

inline...



igor_k said:
The only way I've found is to invoke ntrights.exe (from the Win2k3
resource kit) from the script.
E.g. something like:

WsShell.Run('ntrights.exe /u user1 +r Se...');

Other approaches did not work for me.
secedit /import requires a database name,
and where am I supposed to get it from?

You should know the name of the database, because you would have previously
created it yourself with the Security Configuration and Analysis MMC snap-in
and an associated security template (prepared using the Security Templates
MMC snap-in and imported into the database) containing the security settings
(local group policy settings) that you desire.
Re-reading the above, I think I'll try to clarify the sequence of events a bit
(just to confuse the heck out of you :))))

- Create an MMC console with the snap-ins (Sec. Templates and Sec. Config and Anal.)
- Select an appropriate Sec. template, right-click, Save As with your
preferred name (so as to leave the original sec. templ. intact)
- Open this new template, configure the settings you need/want and save the
template again.
- Then in Sec. Config/Anal: Open Database and type a DB name (= Your DBname)
for a new DB to be created
- When asked, select the Sec. template you previously created.
This will load those settings into the DB. Save the DB.
- Now you know what the database name is and can use that file with secedit
/import


george
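
The template-to-database-to-secedit sequence george describes can also be run entirely from the command line. The script below is an added example, not code from any poster in this thread; the folder, file names and the single `MinimumPasswordLength` setting are constructed for illustration. As Martin points out above, security templates do not contain the Administrative Templates settings, so this covers security settings only.

```powershell
# Added example. Paths and the sample setting are constructed, not from the thread.
# Run from an elevated prompt; secedit changes local security policy.
$ErrorActionPreference = 'Stop'

$workDir  = Join-Path $env:TEMP 'secpol-demo'   # hypothetical working folder
$template = Join-Path $workDir 'custom.inf'     # the security template
$database = Join-Path $workDir 'custom.sdb'     # "Your DBname" from the steps above
$backup   = Join-Path $workDir 'before.inf'     # export of the current settings
$log      = Join-Path $workDir 'secedit.log'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Minimal template with one constructed setting. The single-quoted here-string
# keeps $CHICAGO$ literal; the file is written as UTF-16, as exported templates are.
@'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 8
'@ | Set-Content -Path $template -Encoding Unicode

function Invoke-Secedit {
    param([Parameter(Mandatory)][string[]]$Arguments)
    & secedit.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        # Non-zero means errors or warnings: read the log before trusting the result.
        throw "secedit $($Arguments -join ' ') exited with $LASTEXITCODE; see $log"
    }
}

# 1. Keep a copy of the current settings so the change can be reviewed or undone.
Invoke-Secedit @('/export', '/cfg', $backup, '/areas', 'SECURITYPOLICY', '/log', $log, '/quiet')
# 2. Check the template syntax before touching the machine.
Invoke-Secedit @('/validate', $template)
# 3. Load the template into a new database (replaces the MMC "Open Database" step).
Invoke-Secedit @('/import', '/db', $database, '/cfg', $template, '/overwrite', '/log', $log, '/quiet')
# 4. Apply the database to the local machine, limited to the SECURITYPOLICY area.
Invoke-Secedit @('/configure', '/db', $database, '/areas', 'SECURITYPOLICY', '/log', $log, '/quiet')
```

Comparing `before.inf` with a fresh `secedit /export` after step 4 shows exactly which values the template changed.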
 
