Login/Register
How to modify local group policy setting programatically
Asked Answered
group-policy
T

2

7

I am looking for a way to programatically change the value of a group policy setting without having to reboot a machine or install any additional components on it

Looking for a solution for Windows 2003, 2008, machines are part of the domain

The value is under Administrative Templates\Network\QoS Packet Scheduler, Limit outstanding packets

Tried the following:

  • Change registry directly - this doesn't work, as the value is actually stored in registry.pol file and is propagated from there to the registry

  • Used WMI - WMI objects that are representing the registry are read only, value is not modified

One option that seems to work is to modify the registry.pol file under C:\Windows\System32\GroupPolicy\Machine, however this seems problematic, I will have to parse this file manually.

Timbrel answered 29/6, 2010 at 1:13 Comment(0)
M
5

I wrote a .NET library to assist with this problem. You can read about it here. It is open and source and you can get code and binaries here. Once you know the registry values that are relevant you can make the necessary changes to them using this library and it will save them into the registry.pol file.

Messy answered 2/4, 2013 at 12:0 Comment(5)
Do you know how can I use this library in pure C? because my project compiled with ./configure && make && make install under minGW. ThanksHundredweight
I based my .NET library around this C solution here: pete.akeo.ie/2011/03/porgramatically-setting-and-applying.html The source for my .NET solution is freely available at the link above, in case that helps.Messy
@MartinEden the bitbucket link is broken do you have anywhere else?Jounce
Hi, I'm afraid not. Looks like I've lost that code have no backups now that BitBucket has discontinued Mercurial support. :( Sorry, that was careless of me - I only ever worked on it on my work computer, and I've left that job, so I don't have a copy on my home computer. It was quite a small library - my only suggestion is that you read the blog post and try and recreate it a similar solution. Sorry again.Messy
Both stale links in the post (and the source code for the library) were archived by the WayBackMachine so I updated the links.Page
C
0

use this link :)

https://web.archive.org/web/20100721100443/http://blogs.technet.com/b/fdcc/archive/2010/01/15/updated-lgpo-utility-sources.aspx

you can use this Project For modify GPO on local System. not change Direct Registry!!!!

HRESULT hr;
IGroupPolicyObject* pLGPO;
HKEY machine_key, dsrkey;

const IID my_IID_IGroupPolicyObject =
{ 0xea502723, 0xa23d, 0x11d1, { 0xa7, 0xd3, 0x0, 0x0, 0xf8, 0x75, 0x71, 0xe3 } };
const IID my_CLSID_GroupPolicyObject =
{ 0xea502722, 0xa23d, 0x11d1, { 0xa7, 0xd3, 0x0, 0x0, 0xf8, 0x75, 0x71, 0xe3 } };
GUID ext_guid = REGISTRY_EXTENSION_GUID;
// This next one can be any GUID you want
GUID snap_guid = { 0x3d271cfc, 0x2bc6, 0x4ac2, { 0xb6, 0x33, 0x3b, 0xdf, 0xf5, 0xbd, 0xab, 0x2a } };

// Create an instance of the IGroupPolicyObject class
CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
CoCreateInstance(my_CLSID_GroupPolicyObject, NULL, CLSCTX_INPROC_SERVER,
    my_IID_IGroupPolicyObject, (LPVOID*)&pLGPO);

// We need the machine LGPO (if C++, no need to go through the lpVtbl table)
hr = pLGPO->OpenLocalMachineGPO( GPO_OPEN_LOAD_REGISTRY);
hr = pLGPO->GetRegistryKey( GPO_SECTION_MACHINE, &machine_key);
//hr = pLGPO->GetRegistryKey(GPO_SECTION_USER, &machine_key);

// The disable System Restore is a DWORD value of Policies\Microsoft\Windows\DeviceInstall\Settings
LSTATUS sdf = RegCreateKeyEx(machine_key, L"Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Settings",
    0, NULL, 0, KEY_SET_VALUE | KEY_QUERY_VALUE, NULL, &dsrkey, NULL);

// Create the value
LSTATUS ds = RegSetKeyValue(dsrkey, NULL, KeyValue, REG_DWORD, &KeyData, sizeof(KeyData));
RegCloseKey(dsrkey);

// Apply policy and free resources
//pLGPO->Save( TRUE, TRUE, &ext_guid, &snap_guid);
GUID RegistryId = REGISTRY_EXTENSION_GUID;
GUID ThisAdminToolGuid =
    /*{ CLSID_PolicySnapinUser/* */
{
    0x0F6B957E,
    0x509E,
    0x11D1,
    { 0xA7, 0xCC, 0x00, 0x00, 0xF8, 0x75, 0x71, 0xE3 }
};
     
LSTATUS rStatus = RegCloseKey(machine_key);
//
// Write the GPO back to the directory
//
hr = pLGPO->Save(
    FALSE,
    TRUE,
    &RegistryId,
    &ThisAdminToolGuid);

RegCloseKey(machine_key);
pLGPO->Release();
Clavicorn answered 14/6, 2014 at 16:5 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.