windows 如何通过命令行更改组策略?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/39834069/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to change group policy via command line?
提问by Abhishek
I want to update group policyin windows server using command line. I don't want programatic way. I read this& this, and then tried delete registry keys based on the mapping of group policy and registry keys, but the group policy didn't got updated.
我想group policy使用命令行在 Windows 服务器中更新。我不想要程序化的方式。我阅读了this& this,然后尝试根据组策略和注册表项的映射删除注册表项,但组策略没有更新。
Specifically, I want to set Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updatesto Not configuredin group policy.
具体来说,我想在组策略中设置Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates为Not configured。
So, I ran following commands,
所以,我运行了以下命令,
C:\Windows\system32>reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduledInstallTime /f
The operation completed successfully.
C:\Windows\system32>reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduledInstallDay /f
The operation completed successfully.
C:\Windows\system32>reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /f
The operation completed successfully.
C:\Windows\system32>reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /f
The operation completed successfully.
But after that the group policy wasn't updated. Do I need to run another command to propagate my registry changes to group policy? If yes, what is it? What am I missing?
但在那之后,组策略没有更新。我是否需要运行另一个命令来将我的注册表更改传播到组策略?如果是,那是什么?我错过了什么?
I tried, gpupdate /force, it overrided my registry changes. I need converse of this.
我试过了,gpupdate /force它覆盖了我的注册表更改。我需要谈谈这个。
回答by Glenn Slayden
How to change group policy from the command line? Voila:
如何从命令行更改组策略?瞧:
回答by Harry Johnston
For group policy objects in a domain, registry-based group policy settings can be configured from the command line using Powershell. If you are not running on a domain controller, the Group Policy Management Console must be installed.
对于域中的组策略对象,可以使用 Powershell 从命令行配置基于注册表的组策略设置。如果您不在域控制器上运行,则必须安装组策略管理控制台。
See Group Policy Cmdlets in Windows PowerShelland in particular the Set-GPRegistryValue cmdlet.
请参阅Windows PowerShell 中的组策略 Cmdlet,尤其是Set-GPRegistryValue cmdlet。
You can of course run a Powershell command from the legacy command line, e.g.,
您当然可以从旧命令行运行 Powershell 命令,例如,
powershell get-gpregistryvalue -Name gpo-name -Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -ValueName AUOptions
As far as I know, there is no command-line solution for local group policy.For local group policy, see Glenn's answer.
据我所知,本地组策略没有命令行解决方案。有关本地组策略,请参阅 Glenn 的回答。
回答by Kevin
Set-GPRegistryValue is the way to go here. The problem, which is common, is that you have the GP path and you need to raw data. You can get the raw data (Keypath and value) from the settings spreadsheet, from the ADMX file (if administrative template setting) or from a free tool call registry.pol viewer from GPOGuy.
Set-GPRegistryValue 是这里的方法。常见的问题是您有 GP 路径并且需要原始数据。您可以从设置电子表格、ADMX 文件(如果是管理模板设置)或 GPOGuy 的免费工具调用 registry.pol 查看器中获取原始数据(密钥路径和值)。
The commands you put up clean up registry data, these cmdlets don't do that. They add values to the registry.pol file (or registry.xml for GP Preference) stored in the GPO. Those settings are then sent down to target systems and applied to registry. Also, for non-registry based policy and ability to automate settings across local policies search "Group Policy Automation" there is a solution out there you may want to look at.
您设置的命令会清理注册表数据,而这些 cmdlet 不会这样做。它们将值添加到存储在 GPO 中的 registry.pol 文件(或用于 GP 首选项的 registry.xml)。然后将这些设置发送到目标系统并应用于注册表。此外,对于基于非注册表的策略和跨本地策略搜索“组策略自动化”自动设置的能力,您可能需要查看一个解决方案。
