Remove From My Forums

Change RemovableStoreage Write Access Polocies from Script

Question
0

Sign in to vote
I am working on a script that i can quickly deploy to multiple windows 10 computers for the initial setup. Part of this setup is to change some Group Polocies, these are:

Administrative Templates/System/Removable Storage Access ->

- CD and DVD: Deny wire access

- Floppy Drives: Deny write access

- Removable Disks: Deny write access

- Tape Drives: Deny write access

- WPD Devices: Deny write access

Windows Components/Windows Update ->

- Configure Automaic Updates (Enabled, Notify for download and install)

I have been looking for any scripts that do these automatically but the only one i can find only edits the registry and does not edit Registry.pol, so as far as i can tell it only works if the polocies has arealy been enabled (https://gallery.technet.microsoft.com/scriptcenter/EnableDisable-access-to-334043ae)

Looking for another method that will work on a cean Windows 10 computer.
- Edited by AceScottie01 Thursday, January 17, 2019 9:00 AM
- Moved by Bill_Stewart Friday, March 15, 2019 6:10 PM This is not "scripts on demand"
Thursday, January 17, 2019 8:54 AM

All replies

0

Sign in to vote

There are no ways to edit the local policies directly. You can only set the registry. All local policies are stored in the registry and there is no API for this.

\_(ツ)_/

Thursday, January 17, 2019 9:31 AM
0

Sign in to vote

Why would you like to do that with a script? Use group policies! They are made for.
Live long and prosper!

(79,108,97,102|%{[char]$_})-join''

Thursday, January 17, 2019 9:31 AM
0

Sign in to vote

There are no ways to edit the local policies directly. You can only set the registry. All local policies are stored in the registry and there is no API for this.

\_(ツ)_/

The registry values dont work. I have set all the registy keys needed and even ran gpupdate at the end but the polocies remain "Not Configured" event after rebooting.

Friday, January 18, 2019 8:41 AM
0

Sign in to vote

Why would you like to do that with a script? Use group policies! They are made for.

Live long and prosper!

(79,108,97,102|%{[char]$_})-join''

I am wanting to set Group Polocies. I just want to set them in a script as manually editing them all for every computer i have to set up will take a long time.

Friday, January 18, 2019 8:42 AM
0

Sign in to vote
I am wanting to set Group Polocies. I just want to set them in a script as manually editing them all for every computer i have to set up will take a long time.

Either I get you wrong or you have a big misunderstanding of Group Policies. You set them on a central place once for a group of computers and they will be applied to this group of computers. That's why they're called Group Policies! ;-) :-D

Group Policies

Live long and prosper!

(79,108,97,102|%{[char]$_})-join''
- Edited by BOfH-666 Friday, January 18, 2019 8:49 AM
Friday, January 18, 2019 8:46 AM
0

Sign in to vote

You can try LGPO utility provided by Microsoft.

Configure all the settings on one machine and then use LGPO to export it.

Use same utility to import on different machines.

If you want to do it on multiple machine you can invoke it using PowerShell or if you have SCCM you can create package and push it to multiple machines.

You can find more information on LGPO https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/.

Friday, January 18, 2019 9:47 AM
0

Sign in to vote

Setting Group Policy with registry will be overridden by Group Policy. You can only set Local Policy via the registry but system policy will over-write.

The LGPO utility is the best way to mange local policy without conflict.

If you are trying to define a baseline then use LGPO. In a domain use Group Policy.

\_(ツ)_/

Friday, January 18, 2019 12:53 PM

Asked by:

Change RemovableStoreage Write Access Polocies from Script

Question

All replies