mminisee Posted March 1, 2004 Share Posted March 1, 2004 Well I have been asked to complete another daunting task, update the local group policy on 100+ machines in two seperate remote offices. We are working to move to AD in the coming year but until then things are still the old way.AutoIt has to be able to help me with this, it's been so good at so many other things, I just have never made one to do any changes like this and am not sure where to start at all. I need a script that can be run from an Admin priveleged account and have it execute the gpedit.msc command to access the Group Policy control panel and then make a couple of changes in there (below);1. Disable changing home page settings (User Configuration\Administrative Templates\Windows Components\Internet Explorer) - Enable2. Specify home page (User Configuration\Windows Settings\Internet Explorer Maintenence\URLs\Important URLs) - http://www.xxxxxxxxxx.com/corporate/gateway3. Specify and disable changing wallpaper (User Configuration\Administrative Templates\Desktop\Active Desktop) Prohibit Changes - Enabled / Active Desktop Wallpaper - Enabled, Specified - C:\winnt\company.bmp, Stretch / Allow Only Bitmapped Wallpaper - Enabled4. Activate the screensaver policy - (User Configuration\Administrative Templates\Control Panel\Display) - Actiivate Screen Saver - EnabledSpecify the screensaver (User Configuration\Administrative Templates\Control Panel\Display) - Screen saver executable name - Enabled / c:\winnt\system32\logon.scr5. Password protect the screensaver (User Configuration\Administrative Templates\Desktop\) Password Protect Screensaver - Enabled6. Automatically start screensaver and lock the PC after idle time - (User Configuration\Administrative Templates\Control Panel\Display) - Screen Saver timeout - EnabledAssistance is much appreciated, and if anyone already has scripts for Admins like this, please let me know I would appreciate any other samples available.Thank you,Mike Link to comment Share on other sites More sharing options...
GrahamS Posted March 1, 2004 Share Posted March 1, 2004 (edited) OK, I'm not an expert but how about the following: run(@comspec & " /c gpedit.msc") WinWaitActive("Group Policy") send("{down 8}{right}") sleep(1000) send("{down}{right}") sleep(1000) send("{down 2}{tab}") sleep(1000) send("{down 11}") sleep(1000) send("!ar") WinWaitActive("Disable changing home page settings Properties") send("!e") ControlClick("Disable changing home page settings Properties", "", "Button6" ) That's done number one, the others can be done in a similar manner. I have reservations about this script. I'm not overjoyed with using the hard coded number - if your policies are not in the same order then the {down 11{ will not be correct. What you could do is after the tab, do a send("^{END}"), open the properties tab with the send("!e"), wait for the properties window to open (possibly using a WinTitleMatchMode option of 2 (substring) against "Properties"). Then you can check the window name against the exact title that you want. If it is not want you want then use the Previous Policy, using send("!p"), repeatedly to work your way through the windows. Ugly but would work Edited March 1, 2004 by GrahamS GrahamS Link to comment Share on other sites More sharing options...
Guest normano Posted March 2, 2004 Share Posted March 2, 2004 You can make the changes by writing directly to the registry, this is what the Group Policy editor does anyway. Here is a short code sample using AutoIt: ; ------------------------------- ; Sets the Home Page to www.mammals.org RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main", "Start Page", "REG_SZ", "http://www.mammals.org/") ; Disables Home Page changes RegWrite("HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage", "REG_DWORD", 1) ; ------------------------------- The only catch to this is that it applies the settings for the current user not system wide. You would need to run this for every user that logs on to the computer, which is really easy (put it in the All Users\Startup folder). If you want to do the registry method, and you need more of the registry keys let me know, and I will try to get them to you. One more option is if you are running ActiveDirectory you can set your policies up as part of the domain policy instead of the local computer policy, and it would apply itself to all accounts. Link to comment Share on other sites More sharing options...
Guest lotus Posted March 3, 2004 Share Posted March 3, 2004 (edited) hi, first run gpedit.msc, & configure the necessary policies on a test system. then copy the folder from the test system to the target system. XP, please use 1. c:\windows\system32\grouppolicy and also run the following command for immediate update 2. gpupdate /force 2K, please use 1. c:\winnt\system32\grouppolicy 2. secedit /refreshpolicy machine_policy 3. secedit /refreshpolicy user_policy if this needs to be rolled out on 100+ systems, then write a script which can do the above & execute the script on remote systems using SYSINTERNALS PSEXEC freeware. here is the sample script for it. PLEASE SUBSTITUE xxx - admin privileged account yyy - domain zzz - account password $PATH - the grouppolicy of the test system needs to be placed in read-only shared drive. XP script ====== RUNASSET("xxx","yyy","zzz") $CMD="XCOPY " & $PATH & " C:\WINDOWS\SYSTEM32 /E/V/Y" RUNWAIT($CMD,@TempDir) RUNASSET() RUNWAIT("GPUPDATE /FORCE",@TempDir) 2K script ====== RUNASSET("xxx","yyy","zzz") $CMD="XCOPY " & $PATH & " C:\WINNT\SYSTEM32 /E/V/Y" RUNWAIT($CMD,@TempDir) RUNASSET() RUNWAIT("SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE",@TempDir) RUNWAIT("SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE",@TempDir) Edited March 3, 2004 by lotus Link to comment Share on other sites More sharing options...
mminisee Posted March 4, 2004 Author Share Posted March 4, 2004 Thank you to all for your replies, I will most likely go with the suggestion Lotus gave, thank you Lotus!! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now