Support NeoGAF

[Tommie Hu$tle]

I have to configure some user policies on some laptops that will be going in to service. The process of configuring them is simple enough I just have to make some minor edits to gpedit.msc and eventvwr.msc the thing is I need to do it for 20 laptops and my philosophy is always if you have to do it more than once on a computer there is a program out there that does it or you can make one.

So anyone here in the IT field have any ideas?

 

[aaaaa0]

If they're part of a domain, just edit the domain policy, and it will automatically apply to every machine in the domain.

Otherwise, I think you can write scripts to change local policy settings.

http://www.microsoft.com/technet/pr...elp/ec359199-c237-4bb3-aa7c-2e81057ffcef.mspx

 

[Tommie Hu$tle]

I've been looking around MS and I couldn't find that link but it has what I'm looking for thanks.


And to be more clear I'm not trying to edit the .msc file but rather the Group Policy Object (GPO) parameters. Due to the network I'm working with I couldn't edit the domain policy. These are a limited set of PCs on a large network. Editing the domain policy would prove "problematic".

 

[Cutley]

Not if you know how to set up active directory properly. Editing local policies will be more problematic.

 

[Tommie Hu$tle]

Not if you know how to set up active directory properly. Editing local policies will be more problematic.

Technically this is true but, I'm dealling with a classified network, these laptops have to be configured before they are allowed on the network this is a legal requirement not a technical requirement. That's what I mean by problematic, could I do it? Sure, would I go to jail, yes.

 

[Cutley]

Well that sux large phallic objects.

 

[Tommie Hu$tle]

Well here is my issue now that I have looked at GPMC and it would work fine if these laptops were on a Domain but they aren't so I'm kinda SOL at this point using GPMC but, it is something to look at in the future.

What I want to do is simple for example I want to setting for "prevent access to registry editing tools" disabled, I know with Group Policy I can export those security options to a file but, I can't see where I can import that file with my changes back to securtiy options.

 

[blahness]

Well here is my issue now that I have looked at GPMC and it would work fine if these laptops were on a Domain but they aren't so I'm kinda SOL at this point using GPMC but, it is something to look at in the future.

What I want to do is simple for example I want to setting for "prevent access to registry editing tools" disabled, I know with Group Policy I can export those security options to a file but, I can't see where I can import that file with my changes back to securtiy options.

As far as Local Policy goes (although i have never done this myself) couldnt you just import the adm files in the C:\windows\system32\GroupPolicy\ADM folder from a configured client to a non-configured client?

 

[DarienA]

As far as Local Policy goes (although i have never done this myself) couldnt you just import the adm files in the C:\windows\system32\GroupPolicy\ADM folder from a configured client to a non-configured client?

Beat me to it(just did some research) and that seems to be the most common suggestion.... either that or noting the changes in the registry, and creating a reg file to import to the other registries...

How do I distribute Local Group Policy to Windows 2000 clients in a non-Active Directory domain or workgroup?


If your Windows 2000 clients exists in a workgroup, or Windows NT 4.0 domain, you can use Local Group Policy to configure client settings. As you don't want to visit all of your client computers, use the following procedure:

1. Logon to a Windows 2000 client with administrative privileges and configure the Local Group Policy, by setting focus to Local Group Policy in the Group Policy snap-in, Gpedit.msc. Make sure you don't have any settings that unique to your 'publishing' computer.

2. Copy the folders/files from the %Systemroot%\System32\GroupPolicy folder on the 'publishing' computer to the %Systemroot%\System32\GroupPolicy folder on the 'target' computers.

3. Change the security permissions to insure that the policies do NOT apply to the local administrators.