Sign in with
Sign up | Sign in
Your question

Trying to apply a Group Policy via regedit script command;..

Last response: in Windows XP
Share
May 12, 2005 11:58:10 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi all,

I'm trying to use UpdateExpert to send a "regedit /s file.reg" command to
client machines. My goal is to have the Group policies:

"Configure Automatic Updates"
and
"Specify interanet Microsoft update service location"

to appear the same;have the same settings as if I manually connected to each
machine and ran gpedit.msc, applied the snap-in if necessary, and input the
data.

to accomplish this, I applied the settings via gpedit to a test machine and
then scanned the regestry for the wus ip address.
I found some relevant keys and created the following .reg file: (xxx to
mask real ip and info)
-----------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://xxx.xxx.xxx.xxx"
"WUStatusServer"="http://xxx.xxx.xxx.xxx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"RescheduleWaitTime"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
Objects\{6DAxxxxx-24C1-466D-B0C0-0B168ABxxxxx}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://xxx.xxx.xxx.xxx"
"WUStatusServer"="http://xxx.xxx.xxx.xxx"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
Objects\{6DAxxxxx-24C1-466D-B0C0-0B168ABxxxxx}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001
-----------------------------------------------------------------------------------------

after applying my custom update I also automaticly scan the registry for
compliance on each machine and the registry is indeed changed no problem.

My problem is, if I then go into a machine and run gpedit, the fields are
still 'not configured'

Obviously I'm missing something else; another reg key, but I dont know which
one/s. I need to know what other keys are needed to switch the settings to
'enabled'. I think the fields will then be automaticly populated via the
other keys I already have.

Another option would be the command line gpedit to accomplish this but Im
not very familiar with this commands switches and it needs to have an /s
type switch so it could be done remotely, via a system account whether users
are logged in or not.
Anonymous
May 12, 2005 11:58:11 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello,

Are these computers running within a domain? If so, are you running Active
Directory on them? You can set both of those policies by domain policy if
you are in fact in such a configuration.
May 12, 2005 6:36:44 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"PBA-IT" <PBAIT@discussions.microsoft.com> wrote in message
news:092AC16E-2995-415D-9C7F-D88FFCDC5C0D@microsoft.com...
> Hello,
>
> Are these computers running within a domain? If so, are you running
> Active
> Directory on them? You can set both of those policies by domain policy if
> you are in fact in such a configuration.

yes, yes but no,

In my particular case, I'm in a very large domain, but even policies applied
just to my OU take an act of congress to get approved and applied. Also, if
I can figure this out, I'll use this method instead.. to apply other group
policies as needed and if I know the .reg key it's easy to generate an
automated query/check for a machines compliance. Our OU admins are not given
enough toys to play with...
!