none
gpedit.msc edit in Task Sequence?

    Question

  • Hello,

    Is it possible to edit an entry in gpedit.msc in a task sequence?  (specifically computer config/administrative templates/windows components/windows update/configure automatic updates & specify intranet WSUS location)

    Thanks

     

    Tuesday, March 15, 2011 3:39 PM

All replies

  • Most things in group policies are simply registry values so you could just edit the registry location directly. For those settings above, the proper registry path is HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\.

    You could also create a local group policy file and aply it using a tool like ImprtRegPol: http://blogs.technet.com/b/fdcc/archive/2009/09/15/new-and-updated-local-group-policy-utilities.aspx.

    Most folks generally choose the first option above, but using option two is a cleaner way.

    Also note that if you hae any domain GPOs in place that set these same settings, they will take precedance and (eventually) overwrite anything you do in the registry or via local group policy.


    Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
    Tuesday, March 15, 2011 4:37 PM
  • Thanks Jason - how would I utilize the tool in this instance?

     

     

    Tuesday, March 15, 2011 5:28 PM
  • In this case, with the WSUS server, you could just add WSUSServer=http://ServerName to your customsettings.ini file.
    Wednesday, March 16, 2011 9:25 AM
  • I agree with Jason.  We used to edit the registry directly but these settings would NOT be reflected in gpedit.msc.  I, too, prefer using the tools.  If you still need assistance with the utility reply back.
    Tuesday, March 29, 2011 3:07 AM
  • You can use Windows Power Shell in Windows 7 or Windows Server 2008 R2 to modify registry based group policies. See

    http://technet.microsoft.com/en-us/library/ee461027.aspx

    for more details.

    You should use the Set-GPRegistryValue command. Or follow this step by step guide (just an example):

    1. Download “Group Policy Settings Reference for Windows and Windows Server” from Microsoft Downloads
    2. Open the Excel Sheet to find out the appropriate Registry Key for the GPO Setting to be configured
    3. Example:
    User Configuration – Prevent Windows Anytime Upgrade from Running =>
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU
    4. Open Windows PowerShell on Windows Server 2008 R2 or Windows 7
    5. Type import-module grouppolicy
    6. Type Get-Command *-GP* to get an overview of GPO related Cmdlets
    7. Create a new sample GPO (for testing purposes the GPO remains unlinked)
    Type New-GPO –Name MyTestGPO –comment “This is a test GPO”
    8. Enable User Configuration – Prevent Windows Anytime Upgrade from Running:
    Type set-gpregistryvalue –name MyTestGPO –Key “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU“ –value 1 –valuename Disabled –type DWord 9. Check configuration:
    Type get-gpregistryvalue –name MyTestGPO –Key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU
    10. Check configuration (2):
    Open GPMC – Edit MyTestGPO – User Configuration – Administrative Templates – All Settings - Prevent Windows Anytime Upgrade from Running = Enabled
    11. Disable User Configuration – Prevent Windows Anytime Upgrade from Running:
    Type set-gpregistryvalue –name MyTestGPO –Key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU –value 0 –valuename Disabled –type DWord
    12. Check configuration:
    Type get-gpregistryvalue –name MyTestGPO –Key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU
    13. Check configuration (2):
    Open GPMC – Edit MyTestGPO – User Configuration – Administrative Templates – All Settings - Prevent Windows Anytime Upgrade from Running = Disabled
    14. Remark: Settings can be enabled or disabled, and even set back to “Not configured”!
    15. To configure the settings back to “Not configured”
    Type remove-gpregistryvalue –name MyTestGPO –key “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU” –valuename Disabled
    16. Check configuration:
    Open GPMC – Edit MyTestGPO – User Configuration – Administrative Templates – All Settings - Prevent Windows Anytime Upgrade from Running = Not configured

    Good luck!

    Tuesday, March 29, 2011 5:22 PM