Comments

5 comments

  • Stephen Valdinger

    I've not done it, but you could try wrapping secedit into a powershell script with a pre-configured cfg file that has your changes in it that you can do a secedit /import [somefile].cfg ....

     

    Would probably just be more prudent to just use actual Group Policy if you are on a domain though, although this of course could be a special one-off use case. But there you go. I'd start looking into that.

    0
    Comment actions Permalink
  • Brandon Carder

    Yep, not a domain policy :(
    Someone configured each server's local policy, I am not sure why. Oh well.

    I need to look into the secedit path, keep seeing this but looks dirty.

    0
    Comment actions Permalink
  • Stephen Valdinger

    The nice thing about about group policy is it gets applied Local > Site > Domain > OU. So if you make changes in Group Policy that conflict with the Local Policy, unless local policy is enforced, your changes at the Domain or OU level will over right them. So you may not have to look down the secedit path. Food for thought.....

    0
    Comment actions Permalink
  • Brandon Carder

    I thought any local policy will always overwrite GPO enforcement? I had no idea GPO at the domain level could over-write?

    0
    Comment actions Permalink
  • 0
    Comment actions Permalink

Please sign in to leave a comment.