Group Policy editing in PowerShell


This was a bit of a mystery to me for quite some time, until I figured out how to use the “Set-GPRegistryValue” command.

A useful tool is the RegistryPolReader utility from GpoGuy.com.

Let’s begin.

I needed a source GPO that I could copy to a new GPO, link it and change the values (like folder redirection etc.).

First, I set the parameters and import the module:

Import-Module GroupPolicy
$CustID = "DEMO"
$ServerPath = "OU=" + $CustID +",OU=Computers,DC=mydomain,DC=local"
$GPOName = $CustID + "_TEST-Customer GPO"
$PoliciesPath = "\\mydomain.local\SYSVOL\mydomain.local\Policies\"

Get the GUID of the source GPO (the one that contains all your settings). Every setting that contains a path needs to have the word “REPLACEME” at the point where you want to replace the text.

$SGPO = (Get-GPO -Name "CustomerSourceGPO").id.guid

Copy the GPO to a new one and link it to an OU (I wanted it to be enforced), then get the GUID of the new GPO:

Copy-GPO -SourceGuid $SGPO -TargetName $GPOName
New-GPLink -Name $GPOName -Target $ServerPath -LinkEnabled Yes -Enforced Yes -Order -1 -Domain "mydomain.local"
$TGPO = (Get-GPO -Name $GPOName).id.guid

All folder redirections are contained in the “fdeploy1.ini” file.

$FRPath = $PoliciesPath + "{" + $TGPO + "}\User\Documents & Settings\fdeploy1.ini"
(Get-Content $FRPath) | ForEach-Object{$_ -replace "REPLACEME","$CustID"} | Set-Content $FRPath

Here is where the RegistryPolReader utility plays its part. Load the registry.pol file from either the User or the Machine folder under \\mydomain.local\SYSVOL\mydomain.local\Policies\“PolicyGUID”.
The entry will look something like this:
“SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services,WFProfilePath,REG_SZ,\\mydomain.local\REPLACEME\Profiles”
The command will then be:

Set-GPRegistryValue -Name $GPOName -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -ValueName "WFProfilePath" -Type String -Value "\\mydomain.local\$CustID\Profiles"

These are some settings I wanted to change for the user part:

#Change Desktop Wallpaper Path
Set-GPRegistryValue -Name $GPOName -Key "HKCU\software\Microsoft\Windows\CurrentVersion\Policies\System" -ValueName "Wallpaper" -Type String -Value "\\mydomain.local\$CustID\System\aos_black.jpg"

#Change Office Document Cache Location
Set-GPRegistryValue -Name $GPOName -Key "HKCU\software\policies\microsoft\office\15.0\common\fileio" -ValueName "officecachelocation" -Type ExpandString -Value "\\mydomain.local\$CustID\Users\%username%"

#Change Word Default File Location
Set-GPRegistryValue -Name $GPOName -Key "HKCU\software\policies\microsoft\office\15.0\word\options" -ValueName "doc-path" -Type ExpandString -Value "\\mydomain.local\$CustID\Users\%username%"

#Change Start Screen Layout
Set-GPRegistryValue -Name $GPOName -Key "HKCU\software\policies\microsoft\Windows\Explorer" -ValueName "StartLayoutFile" -Type ExpandString -Value "\\mydomain.local\$CustID\System\StartScreen\StartScreen.xml"

You can also change the Group Policy Preferences settings using the same method as we used for folder redirection:

#Change GPP Files
$GPPFPath = $PoliciesPath + "{" + $TGPO + "}\User\Preferences\Files\Files.xml"
(Get-Content $GPPFPath) | ForEach-Object{$_ -replace "REPLACEME","$CustID"} | Set-Content $GPPFPath

#Change GPP Drive Maps
$GPPDMPath = $PoliciesPath + "{" + $TGPO + "}\User\Preferences\Drives\Drives.xml"
(Get-Content $GPPDMPath) | ForEach-Object{$_ -replace "REPLACEME","$CustID"} | Set-Content $GPPDMPath
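
A check you can run around the steps above, as an added example that is not part of the original script: it validates the customer ID before it is built into the OU and UNC paths (the allowed character set is an assumption) and then lists every file in the new GPO that still contains “REPLACEME”. Assert-CustId and Find-GpoPlaceholder are hypothetical helper names.

```powershell
# Added example; Assert-CustId and Find-GpoPlaceholder are illustrative names.
Import-Module GroupPolicy

function Assert-CustId {
    param([Parameter(Mandatory)] [string] $CustID)
    # Assumption: customer IDs are plain letters, digits, '-' or '_'.
    # Anything else would alter the OU distinguished name or the UNC paths built from it.
    if ($CustID -notmatch '^[A-Za-z0-9_-]+\z') {
        throw "Unexpected characters in customer ID '$CustID'"
    }
}

function Find-GpoPlaceholder {
    param(
        [Parameter(Mandatory)] [string] $GpoName,
        [Parameter(Mandatory)] [string] $PoliciesPath,
        [string] $Placeholder = 'REPLACEME'
    )
    $guid = (Get-GPO -Name $GpoName).Id.Guid
    $root = Join-Path $PoliciesPath "{$guid}"
    $ignoreCase = [System.StringComparison]::OrdinalIgnoreCase
    $hits = @()
    foreach ($file in Get-ChildItem -Path $root -Recurse -File) {
        $bytes = [System.IO.File]::ReadAllBytes($file.FullName)
        # registry.pol stores its strings as UTF-16LE, so a plain text search misses them;
        # decode each file both ways and search both results.
        $texts = @(
            [System.Text.Encoding]::Unicode.GetString($bytes),
            [System.Text.Encoding]::UTF8.GetString($bytes)
        )
        foreach ($text in $texts) {
            if ($text.IndexOf($Placeholder, $ignoreCase) -ge 0) {
                $hits += $file.FullName
                break
            }
        }
    }
    return $hits
}

# Usage with the values from this post
$CustID = "DEMO"
$GPOName = $CustID + "_TEST-Customer GPO"
$PoliciesPath = "\\mydomain.local\SYSVOL\mydomain.local\Policies\"
Assert-CustId -CustID $CustID
$left = Find-GpoPlaceholder -GpoName $GPOName -PoliciesPath $PoliciesPath
if ($left) { Write-Warning ("Placeholder still present in: " + ($left -join ', ')) }
```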
