I would like to turn the local group policy on and off via command prompt. Basically, is there a command that will be the equivalent of right clicking on "Local Computer Policy", choosing properties and then checking (or unchecking) the boxes next to "Disable Computer configuration settings" and "Disable User Configuration Settings"? Ultimately, I would like to develop a program with three buttons that will turn off group policies, turn on group policies, and turn group polices off for 20 minutes. We have a few computers not attached to our server and so we control them with local group policies and there have been times that I have been working on them that I have forgotten to turn the policies back on. The 20 minute button would really help.
Add a comment
|
1 Answer
As answered in this Microsoft forum post one can achieve this by modifying the file "C:\Windows\System32\GroupPolicy\gpt.ini" directly.
Inside that file a line "Options=x" should exist if the enabled/disabled status was ever set.
X being one of these numbers:
0: Neither box is checked
1: Only Disable User Configuration is checked
2: Only Disable Computer Configuration is checked
3: Both are checked
So you could write a Powershell script like this to disable both policy categories:
$fileContent = Get-Content "C:\Windows\System32\GroupPolicy\gpt.ini"
$lineMissing = $true
for ($i = 0; $i -lt $fileContent.Length; $i++) {
if ($fileContent[$i] -match "^Options=") {
$fileContent[$i] = "Options=3"
$lineMissing = $false
}
}
#Option line didn't exist
if ($lineMissing) {
$fileContent += "Options=3"
}
$fileContent | Out-File "C:\Windows\System32\GroupPolicy\gpt.ini"
gpupdate
The gpupdate call is needed for Windows to actually revert all the policies that are no longer active
