Modify GPO settings via Powershell?

Welcome Forums General PowerShell Q&A Modify GPO settings via Powershell?

This topic contains 7 replies, has 4 voices, and was last updated by

js
 
Participant
1 year ago.

  • Author
    Posts
  • #83452

    Participant
    Points: 0
    Rank: Member

    Hello All,
    I want to automate a task in Windows 10 Pro where i need to Toggle the "Remove Lock Computer" and "Remove Task Manager" enable/disable. is it possible to make it work via powershell?

    Gpedit.msc > User Configuration > Administrative Teamplates > System > Ctrl+Alt+Del Options > Remove Lock Computer > Enable(or Disable)

    Gpedit.msc > User Configuration > Administrative Teamplates > System > Ctrl+Alt+Del Options > Remove Task Manager > Enable(or Disable)

  • #83455

    Participant
    Points: 56
    Rank: Member

    I take it these are not on a domain? If they are then GPO is your best bet. The only way i can think of is you'll need to find the reg keys that correspond to these settings and set those reg keys via PowerShell.

  • #83459

    Participant
    Points: 22
    Rank: Member

    Hello.
    Maybe this:

    function CtrlAltDel
    {
        Param(
            [switch]$DisableLockWorkstation,
            [switch]$EnableLockWorkstation,
            [switch]$DisableTaskMgr,
            [switch]$EnableTaskMgr
        )
    
        $Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    
        if ($DisableLockWorkstation -and $EnableLockWorkstation)
        {
            Write-Output 'Specify DisableLockWorkstation OR EnableLockWorkstation'
            return
        }
    
        if ($DisableTaskMgr -and $EnableTaskMgr)
        {
            Write-Output 'Specify DisableTaskMgr OR EnableTaskMgr'
            return
        }
        
        if ($DisableLockWorkstation)
        {
            if (-not (Test-Path -Path $Path))
            {
                New-Item -Path $Path | Out-Null
            }
            New-ItemProperty -Path $Path -Name DisableLockWorkstation -Value 1 -Force -ErrorAction SilentlyContinue | Out-Null
        }
    
        if ($EnableLockWorkstation)
        {
            Remove-ItemProperty -Path $Path -Name DisableLockWorkstation -ErrorAction SilentlyContinue
        }
    
        if ($DisableTaskMgr)
        {
            if (-not (Test-Path -Path $Path))
            {
                New-Item -Path $Path | Out-Null
            }
            New-ItemProperty -Path $Path -Name DisableTaskMgr -Value 1 -Force -ErrorAction SilentlyContinue | Out-Null
        }
    
        if ($EnableTaskMgr)
        {
            Remove-ItemProperty -Path $Path -Name DisableTaskMgr -ErrorAction SilentlyContinue
        }
    }
    
    • #83542

      Participant
      Points: 0
      Rank: Member

      Hi, Thanks for your reply, it seems not working, after a splash powershell window, i checked the registry, nothing was changed

    • #83551

      Participant
      Points: 22
      Rank: Member

      It's a function definition.
      After you define it in the session, you can use following commands:

      CtrlAltDel -DisableLockWorkstation -DisableTaskMgr
      CtrlAltDel -EnableLockWorkstation -EnableTaskMgr
      

      Also you can add any of there lines after function definition and use it like s script.

  • #83471
    js

    Participant
    Points: 219
    Helping Hand
    Rank: Participant
    • #83543

      Participant
      Points: 0
      Rank: Member

      Hi, thanks for your reply, i installed the PolicyFileEditor, somehow i'm trying to figure it out how to make it working... could you make an example for me? like how to turn off taskmgr

    • #83581
      js

      Participant
      Points: 219
      Helping Hand
      Rank: Participant

      That blog teaches you. Do it in gpedit.msc, then you can export it to an xml with that module, or display it on the screen and see what the registry setting is.

The topic ‘Modify GPO settings via Powershell?’ is closed to new replies.