23 February 2015

Home » » Import and Apply Local GPOs

Import and Apply Local GPOs

  Monday, February 23, 2015    No comments
This script will import and apply a local GPO using the local GPO utility, ImportRegPol.exe, located here. The script is a wrapper that makes implementing this utility a snap. All that has to be done is to use the Microsoft Security Compliance Manager to export the desired local GPO. I wrote this script for use mainly in the MDT build. I realize there is the GPO Pack built into MDT, but what happens when you want to deploy a local GPO to machines already built or multiple local GPOs at different times in a build? This script makes that easy.

The syntax for the function is as follows:

Syntax:
Import-LGPO -LGOPName "User Friendly Name" -LGPOLocation "<Path_To_GPO_GUID>" -GPOType "Machine"

Example:
Import-LGPO -LGOPName "Disable Network Wait" -LGPOLocation "\\Fileshare\LGPO\{57D203F7-B8CE-47BC-920F-CECF34F6A6BA}" -GPOType "Machine"

You can download the script from here.



 <#  
 .SYNOPSIS  
   Apply Local Group Policy  
 .Author  
   Mick Pletcher  
 .Date  
   23 February 2015  
 .EXAMPLE  
   powershell.exe -executionpolicy bypass -file LGPO.ps1  
 #>  
   
   
 Function Import-LGPO {  
   
      Param([String]$LGPOName, [String]$LGPOLocation, [String]$GPOType)  
        
      $Executable = $Global:RelativePath+"ImportRegPol.exe"  
      If ($GPOType -eq "Machine") {  
           $GPOType = "\DomainSysvol\GPO\Machine\registry.pol"  
      } else {  
           $GPOType = "\DomainSysvol\GPO\User\registry.pol"  
      }  
      $Parameters = "-m "+[char]34+$LGPOLocation+$GPOType+[char]34  
      Write-Host "Apply Local"$LGPOName" Policy....." -NoNewline  
      $ErrCode = (Start-Process -FilePath $Executable -ArgumentList $Parameters -Wait -Passthru).ExitCode  
      If (($ErrCode -eq 0) -or ($ErrCode -eq 3010)) {  
           Write-Host "Success" -ForegroundColor Yellow  
      } else {  
           Write-Host "Failed with error code "$ErrCode -ForegroundColor Red  
      }  
   
 }  
   
 cls  
 $Global:RelativePath = (split-path $SCRIPT:MyInvocation.MyCommand.Path -parent)+"\"  
 Import-LGPO -LGPOName "User Friendly Name" -LGPOLocation "<Path_To_GPO_GUID>" -GPOType "Machine"  
 Start-Sleep -Seconds 5

Related Posts:

  • Enable Wake-On-LAN NOTE: This is an old script. I have a newer and more efficient one located here. This script will enable WOL and test to make sure it has been set. It will return whether it was a success or failure both to a log file and … Read More
  • SCCM Client Installer Installing the SCCM client takes a few minutes. This script was written so that it will wait for the ccmsetup.exe to complete. I have encountered issues with the setup not completing before the system reboots during a build… Read More
  • Enable or Disable Internet Explorer Active X Components This script will enable or disable Internet Explorer Active X components. All you have to do is pass the user friendly name of the component, component's GUID, and the flag. The app will verify if the change actually takes … Read More
  • Pinning Shortcuts to the Taskbar and Start Menu There are already scripts out there that will do this, but I have taken it a little further. I have added checking to make sure the application is installed first so that the script does not error out. I have also added on-… Read More
  • Removing Outlook Data Files Automating the removal of Outlook data files is a tedious process that is difficult to automate. The registry key is a data hash that is unique on each system. Here is a script I wrote that will do just that. This script wi… Read More

0 comments:

Post a Comment