none
Can you use a batch file to change local group policy? RRS feed

  • Question

  • I am trying to change some local policies on several computers. The policies are located at Local Computer Policy>User Config>Admin Templates>Control Panel>Personalization. I need some guidance on how to write this script. If there is a template i could follow that would be great. Thanks in advance.
    Monday, December 8, 2014 2:58 PM

Answers

  • Basically, I need to enable 4 policies. Under the following path Local Computer Policy>User Config>Admin Templates>Control Panel>Personalization>enable screen saver, password protect the screen saver, prevent changing screen saver, and screen saver timeout. 

    All of the above can be set by Group Policy and should be set by Group Policy.

    ¯\_(ツ)_/¯

    Monday, December 8, 2014 6:32 PM

All replies

  • Sorry but you will have to ve specific about what you are tring to change.  Very little can be changed with batch commands.

    ¯\_(ツ)_/¯

    Monday, December 8, 2014 4:28 PM
  • Basically, I need to enable 4 policies. Under the following path Local Computer Policy>User Config>Admin Templates>Control Panel>Personalization>enable screen saver, password protect the screen saver, prevent changing screen saver, and screen saver timeout. 
    Monday, December 8, 2014 4:35 PM
  • Use group policy to manage these settings.

    -- Bill Stewart [Bill_Stewart]

    Monday, December 8, 2014 5:15 PM
    Moderator
  • I would love too but unfortunately it has to be done locally on everyone's computer. Which is why I was looking for a script to enable those settings. 
    Monday, December 8, 2014 5:21 PM
  • I would love too but unfortunately it has to be done locally on everyone's computer. Which is why I was looking for a script to enable those settings. 

    Why?


    Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)

    Monday, December 8, 2014 5:23 PM
  • Because most of the employees are using a remote app. So, if I were to set the policy domain wide it would lock the computer and the remote session as well. All the employees would have to do is log in twice. Once into the computer and then again in the remote session. I was told to find another way and doing it locally is the only way it works. 
    Monday, December 8, 2014 5:30 PM
  • GPO settings don't have to apply domain-wide.

    -- Bill Stewart [Bill_Stewart]

    Monday, December 8, 2014 5:41 PM
    Moderator
  • Because most of the employees are using a remote app. So, if I were to set the policy domain wide it would lock the computer and the remote session as well. All the employees would have to do is log in twice. Once into the computer and then again in the remote session. I was told to find another way and doing it locally is the only way it works. 

    This statement does not make any sense.

    Post your needs in the Group Policy forum and they will help you understand how we do this.

    What remote apps are you talking about.  Are you publishing a remote app through Citrix or RDS?


    ¯\_(ツ)_/¯

    Monday, December 8, 2014 6:15 PM
  • Basically, I need to enable 4 policies. Under the following path Local Computer Policy>User Config>Admin Templates>Control Panel>Personalization>enable screen saver, password protect the screen saver, prevent changing screen saver, and screen saver timeout. 

    All of the above can be set by Group Policy and should be set by Group Policy.

    ¯\_(ツ)_/¯

    Monday, December 8, 2014 6:32 PM
  • We are using Windows Remote App (.rdp). Which the employees would have to log back into if I were too enable those policies through group policy on the domain. It locks the account that is logged into the Remote App when you apply it through the server, but if you just lock the computer with a local policy it does not touch the Remote App. This is why I was asking for a script that would enable those policies locally.


    Monday, December 8, 2014 8:52 PM
  • I don't understand what you are trying to say. The screen saver settings are always per user.

    -- Bill Stewart [Bill_Stewart]

    Monday, December 8, 2014 8:59 PM
    Moderator
  • It sounds like your remote app settings are incorrect.  I recommend posting th e REmote Desktop Services forum to see if you can get the straightened out.

    There is no reason why applying this policy via GPO or Local policy would be different. Neither lock the terminal.  They only set screensaver settings.  On an RDS server that ia an app server the app settings are independent of desktop settings but run in the users context.  Ther is no desktop and no screen saver.

    I suspect you are trying to say the a remote users settings crash or affect the app when they are in the remote app and their screen save kicks in.  That has noting to do with policy in a domain and can only be set by the user.  It reallty is not about policy.    Just tell the affected user to shut off the screen saver until you get the app fixed.

    You can shut off the screen saver with one registry edit.  Look in Gallery for scripts that turn the screensaver on and off.


    ¯\_(ツ)_/¯

    Monday, December 8, 2014 9:51 PM
  • That very well can be the problem but I have to work with what I got. They are more interested in patching a problem rather then fixing it. But back to the root question, is there a script I can run to change those policies?
    Tuesday, December 9, 2014 3:07 PM
  • You can edit the registry but Group Policy will only write its values back again.  YOu cannot escape from the central GP.


    ¯\_(ツ)_/¯

    Tuesday, December 9, 2014 3:12 PM