Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Change local security policy?

Has anyone ever used PDQ to change a setting in a computers local (not GPO) security policy?

0

Comments

5 comments
Date Votes
  • I've not done it, but you could try wrapping secedit into a powershell script with a pre-configured cfg file that has your changes in it that you can do a secedit /import [somefile].cfg ....

     

    Would probably just be more prudent to just use actual Group Policy if you are on a domain though, although this of course could be a special one-off use case. But there you go. I'd start looking into that.

    0
  • Yep, not a domain policy :(
    Someone configured each server's local policy, I am not sure why. Oh well.

    I need to look into the secedit path, keep seeing this but looks dirty.

    0
  • The nice thing about about group policy is it gets applied Local > Site > Domain > OU. So if you make changes in Group Policy that conflict with the Local Policy, unless local policy is enforced, your changes at the Domain or OU level will over right them. So you may not have to look down the secedit path. Food for thought.....

    0
  • I thought any local policy will always overwrite GPO enforcement? I had no idea GPO at the domain level could over-write?

    0