This post has been republished via RSS; it originally appeared at: ITOps Talk Blog articles.
Recently I have received a support request from a Customer that need to add multiple value to a GPO. Lets dive into the details.
ENVIRONMENT
The customer installed a new third party application is his client environment (Windows 10), this application require a specific GPO to be set on all Clients. The vendor of the application gave to the customer a Custom ADMX Template to permit to set this GPO on all clients. The Customer have all DC 2008R2 and the Policy Central Store Enabled.
THE PROBLEM
The Customer installed the Custom ADMX Template, but when he try to configure the GPO from the GPMC console, he would see this window from the settings:
The problem here, is that he need to add more than 700 urls in this setting, and from this window the user can add one url at time. (A HUGE work of Copy and Paste!)
SOLUTION
I have reproduced the customer situation in my Lab with the following steps:
- I have created a ListBoxGPO in my lab to do some tests:
- I have used a similar policy, the "Intranet Zone Restricted Protocols" that have the same type of Window (a ListBox):
You can find the details of this policy here. - Then I have used the LGPO tool to read from the Registry.pol of the GPO where this settings are stored in the registry:
=======================================================LGPO.exe /parse /m "\\lab.com\SYSVOL\lab.com\Policies\{719264A1-F33B-485C-828F-4B00589272B5}\Machine\Registry.pol"
; ----------------------------------------------------------------------
; PARSING Computer POLICY
; Source file: \\lab.com\SYSVOL\lab.com\Policies\{719264A1-F33B-485C-828F-4B00589272B5}\Machine\Registry.polComputer
SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols
ListBox_Support_1
DWORD:1Computer
SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1 <= This is the Registry Key used by the ListBox
itopstalk.com <= This is the name of the Value
SZ:itopstalk.com <= Those are the Type of the value (SZ = String), and Value.; PARSING COMPLETED.=======================================================
; ----------------------------------------------------------------------
This is the view from the RegEdit from the client: - So now, how can I add more than 700 Url in this GPO?
The solution is simple but not really common. Starting from 2008R2 ADDS introduce a PowerShell module for managing GPO called "GroupPolicy". In this module there is a cmdlet called Set-GPRegistryValue this type of policy can configure registry-based Policy.
With the settings collected from the LGPO I'm able to use this cmdlet to set the 700 Urls:
=====================================================
#Read Urls from a file on disk.
$Urls = get-Content .\Urls.txt
#Build a loop to add all the Urls to the specified CPO.foreach ($Url in $Urls)
{Set-GPRegistryValue -Name ListBoxGPO -ValueName $Url -Type String -Value $Url -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1"=====================================================
} - Verify correct execution of the script by editing the GPO from the GPMC and check the content of the Listbox:
- Verify if the registry key of the client, have the correct registry value applied by the GPO:
- Mission Complete! :)