Secedit will work for security settings but not
administrative template settings. The only way to script getting admin template
settings in a local GPO to multiple machines is to copy the underlying
registry.pol key that stores those settings once you set them on your "master"
machine. There are two registry.pol files within the local GPO, assuming you've
set both Computer and User Admin Template policy. These files are found at
c:\windows\system32\grouppolicy\machine\registry.pol and
c:\windows\system32\grouppolicy\user\registry.pol. First copy these files to
your target machines. Then on your target machines, take a look at the file
called gpt.ini found in c:\windows\system32\grouppolicy. That ini file will
contain a version number key that will have a value. You'll need to increment
that value by at least 1 after copying the new registry.pol files onto each
machine, so that the machine knows that it has new local policy settings to
process.
Darren
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, November 01, 2005 6:58 AM
To: [email protected]
Subject: RE: [ActiveDir] Can I apply policies locally?
In the past, I have used secedit to do this. See below for
correct syntax.
Check out the help for secedit for further
info.
neil
Neil Ruston
Global Technology Infrastructure
Nomura International plc
Telephone: +44 (0) 20 7521 3481
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mitch Reid
Sent: 01 November 2005 14:22
To: [email protected]
Subject: [ActiveDir] Can I apply policies locally?
I can't use AD. I need to automate this from a script or batch file. I attempted to create a Security
Template and use secedit to apply it. However, I can't configure anything user Administrative
Templates this way. I can use gpedit.msc but am unable to automate that.
I know Admin Template settings are really just registry settings and I could take the approach
of simply modifying the registry. Is there a better way? Am I missing something? I couldn't find
anything on Microsoft's site or the archives here.
Thanks.
PLEASE READ: The
information contained in this email is confidential and
intended for the
named recipient(s) only. If you are not an intended
recipient of this
email please notify the sender immediately and delete your
copy from your
system. You must not copy, distribute or take any further
action in reliance
on it. Email is not a secure method of communication and
Nomura International
plc ('NIplc') will not, to the extent permitted by law,
accept
responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence
of any virus, worm or similar malicious or disabling
code in, this
message or any attachment(s) to it. If verification of this
email is sought then
please request a hard copy. Unless otherwise stated
this email: (1) is
not, and should not be treated or relied upon as,
investment research;
(2) contains views or opinions that are solely those of
the author and do
not necessarily represent those of NIplc; (3) is intended
for informational
purposes only and is not a recommendation, solicitation or
offer to buy or sell
securities or related financial instruments. NIplc
does not provide
investment services to private customers. Authorised and
regulated by the
Financial Services Authority. Registered in England
no. 1550505 VAT No.
447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A
member of the Nomura group of companies.
