Modify GPO settings via Powershell?

This topic contains 7 replies, has 4 voices, and was last updated by  js 2 weeks ago.

  • Author
    Posts
  • #83452

    iViLL
    Participant

    Hello All,
    I want to automate a task in Windows 10 Pro where i need to Toggle the "Remove Lock Computer" and "Remove Task Manager" enable/disable. is it possible to make it work via powershell?

    Gpedit.msc > User Configuration > Administrative Teamplates > System > Ctrl+Alt+Del Options > Remove Lock Computer > Enable(or Disable)

    Gpedit.msc > User Configuration > Administrative Teamplates > System > Ctrl+Alt+Del Options > Remove Task Manager > Enable(or Disable)

  • #83455

    Alex Aymonier
    Participant

    I take it these are not on a domain? If they are then GPO is your best bet. The only way i can think of is you'll need to find the reg keys that correspond to these settings and set those reg keys via PowerShell.

  • #83459

    Sergey Vasin
    Participant

    Hello.
    Maybe this:

    function CtrlAltDel
    {
        Param(
            [switch]$DisableLockWorkstation,
            [switch]$EnableLockWorkstation,
            [switch]$DisableTaskMgr,
            [switch]$EnableTaskMgr
        )
    
        $Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    
        if ($DisableLockWorkstation -and $EnableLockWorkstation)
        {
            Write-Output 'Specify DisableLockWorkstation OR EnableLockWorkstation'
            return
        }
    
        if ($DisableTaskMgr -and $EnableTaskMgr)
        {
            Write-Output 'Specify DisableTaskMgr OR EnableTaskMgr'
            return
        }
        
        if ($DisableLockWorkstation)
        {
            if (-not (Test-Path -Path $Path))
            {
                New-Item -Path $Path | Out-Null
            }
            New-ItemProperty -Path $Path -Name DisableLockWorkstation -Value 1 -Force -ErrorAction SilentlyContinue | Out-Null
        }
    
        if ($EnableLockWorkstation)
        {
            Remove-ItemProperty -Path $Path -Name DisableLockWorkstation -ErrorAction SilentlyContinue
        }
    
        if ($DisableTaskMgr)
        {
            if (-not (Test-Path -Path $Path))
            {
                New-Item -Path $Path | Out-Null
            }
            New-ItemProperty -Path $Path -Name DisableTaskMgr -Value 1 -Force -ErrorAction SilentlyContinue | Out-Null
        }
    
        if ($EnableTaskMgr)
        {
            Remove-ItemProperty -Path $Path -Name DisableTaskMgr -ErrorAction SilentlyContinue
        }
    }
    
    • #83542

      iViLL
      Participant

      Hi, Thanks for your reply, it seems not working, after a splash powershell window, i checked the registry, nothing was changed

    • #83551

      Sergey Vasin
      Participant

      It's a function definition.
      After you define it in the session, you can use following commands:

      CtrlAltDel -DisableLockWorkstation -DisableTaskMgr
      CtrlAltDel -EnableLockWorkstation -EnableTaskMgr
      

      Also you can add any of there lines after function definition and use it like s script.

  • #83471

    js
    Participant
    • #83543

      iViLL
      Participant

      Hi, thanks for your reply, i installed the PolicyFileEditor, somehow i'm trying to figure it out how to make it working... could you make an example for me? like how to turn off taskmgr

    • #83581

      js
      Participant

      That blog teaches you. Do it in gpedit.msc, then you can export it to an xml with that module, or display it on the screen and see what the registry setting is.

You must be logged in to reply to this topic.