batch file to change GPO

pnieset

Honorable
Jan 25, 2013
9
0
10,520
I work for a small company and need to find a way to change the GPO of IE and Google Chrome. I do not want the users deleting the history and cookies from both. I have found a way to change IE setting in the GPO manager but to do it to all the computers in my business will take longer then I want to. I want to be able to just run the batch file on the computer or put it in the log on script. I have created small batch files before but nothing on this level involving GPO's. Any advice and samples are greatly welcome. Thank you in advance.
 
Solution
Assuming WS 2012 AD, from Server Manager to go Tools->Group Policy Management:

Go to Domains->yourdomain.com->right click on Group Policy Objects->New

Make a New Policy with the name you want, like "Protect IE History/Cookies"

on the right pane your new policy should appear, right click on it and choose Edit

Now you'll be in the Group Policy Management Editor where you can choose which templates to use like in regular GPEdit.

Once finished you'll be back to the Group Policy Management Console, from there simply click & drag your new policy over your domain folder on the left pane, you'll be asked if you want to link this GPO to that OU/Domain, choose yes.

And that's it, remember, the GPO will take effect only after the user logs...
I guess the company it's not using Active Directory, if it does you could just create and apply the GPO in the Domain Controller so it would affect the entire domain...

If no AD in use, you could use POWERGUI, a tool where you can create GPOs and such graphically as if using the regular GPEdit, but it will also generate the script that you need:

http://www.techrepublic.com/blog/the-enterprise-cloud/simplify-powershell-script-creation-with-powergui/
 

pnieset

Honorable
Jan 25, 2013
9
0
10,520




This was meant to be a reply.

We do have active directory. I am familiar with only the most basic of functions in Active Directory. My manager is wanting me to take on more so I am learning as much as I can about Active Directory. How would I go about creating this in the domain controller?
 
Assuming WS 2012 AD, from Server Manager to go Tools->Group Policy Management:

Go to Domains->yourdomain.com->right click on Group Policy Objects->New

Make a New Policy with the name you want, like "Protect IE History/Cookies"

on the right pane your new policy should appear, right click on it and choose Edit

Now you'll be in the Group Policy Management Editor where you can choose which templates to use like in regular GPEdit.

Once finished you'll be back to the Group Policy Management Console, from there simply click & drag your new policy over your domain folder on the left pane, you'll be asked if you want to link this GPO to that OU/Domain, choose yes.

And that's it, remember, the GPO will take effect only after the user logs in again into his/her account (assuming the policy was made in user settings) else the pc will need to be restarted if it was made under computer settings.
 
Solution