how can i edit something in gpedit.msc with cmd/batchscript - powershell

My main problem is I am facing the problem ->
when I am trying to execute my exe file (which I wrote and compiled in C using GCC). I have found the solution, and the solution is to change some of the settings under gpedit.msc
run -> gpedit.msc -> computer configuration -> windows settings -> security settings -> local policies -> security options
There are multiple files. I just want to edit files whose name starts with "User Account Control: "
Either I want to enable or disable them. How can I do that programmatically using cmd/batch script?
Till now I have found secedit, but that does not edit the values. link -> scroll down a little bit and you will find secedit. I also used resource monitor to observe registry changes when I disable something, according to this link -> Use Process Monitor to Find Registry Changes. But nothing shows up. Somewhere on the internet I also found that security policies are not always associated with registry values, but I forgot to save the link. I also found this stackoverflow article: Modify Local Security Policy using Powershell. But I can't understand anything, as I know nothing about PowerShell programming and secedit or "how to edit database". Please provide some juicy resources to learn about editing security policies.
For your information, I am building my program.exe on my local computer (house pc) and transferring the generated exe to an "Amazon EC2 instance". If you say compile the program in "Amazon EC2" RDP, I will say that I don't need to do that, because my program.exe is running fine in "Amazon EC2" if I disable or enable some of the "User Account Control: " settings

Here is everything I wanted to know -> Registrykey Values Associated with local policies and thanks to -> Grzegorz Ochlik.
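
The "User Account Control: ..." entries under Security Options are stored as DWORD values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. As an added example (not code from the original posts), the PowerShell below lists each entry with its current value and changes one on request; the function names Get-UacPolicy and Set-UacPolicy are hypothetical, and writing needs an elevated session.

```powershell
# Added example. Registry value name -> policy text shown in gpedit.msc.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$UacPolicies = [ordered]@{
    FilterAdministratorToken    = 'Admin Approval Mode for the Built-in Administrator account'
    EnableUIADesktopToggle      = 'Allow UIAccess applications to prompt for elevation without using the secure desktop'
    ConsentPromptBehaviorAdmin  = 'Behavior of the elevation prompt for administrators in Admin Approval Mode'
    ConsentPromptBehaviorUser   = 'Behavior of the elevation prompt for standard users'
    EnableInstallerDetection    = 'Detect application installations and prompt for elevation'
    ValidateAdminCodeSignatures = 'Only elevate executables that are signed and validated'
    EnableSecureUIAPaths        = 'Only elevate UIAccess applications that are installed in secure locations'
    EnableLUA                   = 'Run all administrators in Admin Approval Mode'
    PromptOnSecureDesktop       = 'Switch to the secure desktop when prompting for elevation'
    EnableVirtualization        = 'Virtualize file and registry write failures to per-user locations'
}

# Hypothetical helper: report every UAC entry with the data currently stored.
function Get-UacPolicy {
    $current = Get-ItemProperty -Path $UacKey
    foreach ($name in $UacPolicies.Keys) {
        [pscustomobject]@{
            Value   = $name
            Data    = $current.$name   # $null when the value has never been set
            Setting = "User Account Control: $($UacPolicies[$name])"
        }
    }
}

# Hypothetical helper: change one entry; -WhatIf previews without writing.
function Set-UacPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][ValidateRange(0, 5)][int]$Data
    )
    if (-not $UacPolicies.Contains($Name)) { throw "Unknown UAC value '$Name'" }
    if ($PSCmdlet.ShouldProcess("$UacKey\$Name", "set DWORD to $Data")) {
        Set-ItemProperty -Path $UacKey -Name $Name -Value $Data -Type DWord
    }
}

Get-UacPolicy | Format-Table -AutoSize
# Preview a change first, then rerun without -WhatIf from an elevated prompt:
# Set-UacPolicy -Name PromptOnSecureDesktop -Data 1 -WhatIf
```

A change to EnableLUA takes effect only after a restart, and a domain GPO that sets the same entry will overwrite the local value at the next policy refresh.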

Related

Windows Advanced audit settings for ALL powershell terminals

On powershell I have the command to view the advanced audit settings from a registry key only by running as administrator, by running
(get-acl hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -audit).GetAuditRules($true,$true,[System.Security.Principal.NTAccount])
I was wondering if there's an alternative way of doing this on the regular PowerShell terminal? When I try with the command above, I get this output:
get-acl : Attempted to perform an unauthorized operation.
I think you need to give yourself the 'Manage auditing and Security log' (SeSecurityPrivilege) user privilege to do that.
Open Group Policy editor (Windows + R and type gpedit.msc for the local machine)
Go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
Double-click the 'Manage auditing and Security log' entry and add yourself to the users having that privilege.
You'll probably have to log off and back on before the new setting becomes active.
It can also be done using Powershell. I found a module cSecurityOptions and also Carbon has a function called Grant-Privilege. I haven't tried though..
Hope this helps

How to set Group Policy "Turn Off Automatic Root Certificates Update" via Registry/Powershell?

I need to disable the following group policy in Windows 7 programmatically, for example by modifying a registry key using Powershell:
"Turn Off Automatic Root Certificates Update"
Does anybody know which registry key needs to be set or unset in order to make this work?
I had a similar issue when I was creating an application that communicated with a server over HTTPS using two-way SSL.
This was causing a delay of a full minute when the initial request was made.
It ran in WinPE, where hand clicking through the local group policy editor was not an option.
There also is no way I am aware of to register a root authority in this environment, and it is running in an incredibly restricted environment so it cannot access Windows Update (not that it would find our corporate CA there anyway).
The registry value you are looking for is
HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot
DWORD DisableRootAutoUpdate = 1
Source: http://www.group-policy.com/ref/policy/452/Turn_off_Automatic_Root_Certificates_Update
To turn off Automatic Root Certificates Update via Local Group Policy Editor:
Click Start, and then click Run.
Type gpedit.msc, and then click OK.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
Under computer configuration, Double-click Administrative Templates, double-click System, double-click Internet Communication Management, and then click Internet Communication settings.
Double-click Turn off Automatic Root Certificates Update, click Enabled, and then click OK.
Close the Local Group Policy Editor.
Domain policies override local settings. That's how they're supposed to work (they'd be rather useless otherwise). If you want the policy disabled, disable or remove the policy in Group Policy Management or remove the computer from the domain.

'DefaultAppPool' is being automatically disabled due to a series of failures

Having a tough time with this issue. Not sure how but my ApplicationPoolIdentity is broken.
Currently I'm running IIS 8 on Windows 8 with Visual Studio 2012. When trying to debug an application from Visual Studio, or just navigating to the site in a browser I get the following error logged and a 503 error.
Application pool 'DefaultAppPool' is being automatically disabled due to a series of failures in the process(es) serving that application pool.
If I check out the Application error logs, I find the following error from the User Profile Service.
Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - The system cannot find the path specified.
Upon looking into the details I find that the User Profile Service is trying to load up a profile with the Id
S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415
Now I opened up the registry to try and find the profile with that UserId. However there's nothing in the Profile list that helps.
So digging around a little more I've found that this issue can be resolved by either
A) Set the Load User Profile of the Application Pool to false.
B) Use a different account for the application pool.
C) Fix the account.
Seeing how this is the built-in account, I'd prefer to fix the issue rather than fix the symptom.
What I have tried
aspnet_regiis -i
Removing IIS from windows and reinstalling.
Attempted to follow the guide here but I don't know the account password :P
My hunch
Somehow the ApplicationPoolIdentity got messed up. Are there any physical folders for the built-in accounts? I know that the Network and Local service profiles' physical directories exist at C:\Windows\ServiceProfiles\. Is it possible to recreate the ApplicationPoolIdentity profile? Or am I way off on what the real issue is?
C) Here is what I did to fix the account
Go in regedit at key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
There is a setting called "Default". You have to make sure that the data value points to an existing directory on the drive.
By default it contains "%SystemDrive%\Users\Default". In my company the default is changed to a custom profile. Somehow, someone deleted that user profile. So when the DefaultAppPool user tried to create an account for himself, it was unable to do so because Windows could not provide him with a default user profile.
You can also diagnose this error when looking at the Event Viewer under the Application folder. You will get a message of that type:
Windows cannot find the local profile and is logging you on with a
temporary profile. changes you make to this profile will be lost when
you log off.

Missing Local DTC in MSDTC

First I couldn't start the MSDTC service. I tried the following link and solved that problem. link : http://social.technet.microsoft.com/Forums/en-ZA/winserverhyperv/thread/d3de5460-fb42-4af0-ac75-27c22741c7e9 . Now I'm having a problem with missing Local DTC in MSDTC (I checked with Component Services). I'm using Windows 7 (64-bit).
I tried the following steps too, but still no luck.
1)Stop the Distributed Transaction Coordinator service in the Services Control Panel
2)At a command prompt run "msdtc -uninstall" without quotes. This removes the MSDTC service from the Services Control Panel and the associated service hive along with the CIDs and CID.Locals from the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSDTC
HKEY_CLASSES_ROOT\CID
HKEY_CLASSES_ROOT\CID.Local
3)Skip this step if you want to preserve existing configuration, such as network transactions and other MSDTC security settings. Otherwise manually delete the following registry keys if they exist:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSDTC
HKEY_CLASSES_ROOT\CID
HKEY_CLASSES_ROOT\CID.Local
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC
4)At a command prompt run "msdtc -install" without quotes. This reinstalls the MSDTC service and the 4 registry hives above.
5)At a command prompt run "msdtc -resetlog" without quotes
Any tips on how I can resolve this?
Now I'm bored with solving my own issues. I posted it in my blog. http://littlerasika.wordpress.com/2012/06/28/problem-with-starting-msdtc-and-missing-local-dtc-in-windows-7/
There is a section under the
Control Panel -> Administrative Tools -> Component Services -> Computers -> My Computer -> Distributed Transactions -> Local DTC
If you go to properties you should be able to check the "Network DTC Access" box and fill in the DTC Logon.
I had to mess around with it quite a few times (since my permissions were too tight). Also, I would suggest restarting after the new settings, and do not forget to disable the firewall just for the duration of testing to make sure it is not getting blocked there.
There you go :)

Set Event Log settings via GPO

How would I set the "overwrite as needed" setting on Event logs other than Application/Security/System? Specifically I'd like to apply this to the Powershell and Windows Powershell Logs, in addition to any other future logs that may be added. This needs to be applied to both server 2003 & 2008.
Wow. I looked around on this and can't find any references to set GPO settings for event logs other than for System, Application, Security. That just seems wrong. You will have to script it for your domain or workgroup or workstation with wevtutil.exe (cmd) or limit-eventlog (powershell). Both utilities have remote connection built in.
wevtutil sl <Log Name> /rt:false
limit-eventlog -Log Name -OverFlowAction OverwriteAsNeeded
I don't believe there is a GPO for this. But most group policies simply modify the registry.
You could create an adm template that modified the settings, or you could simply write a script to adjust the settings.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\PowerShell
If you are not sure how to manually configure the settings, simply adjust the settings in the event log GUI, and set all your other systems to be the same. You may need to restart the system for the changes to go into effect.
Right now you'd need to use SDM Software's GPO cmdlets. That's the only way from within PowerShell to modify the settings within a GPO. But there's no way that I know of to make a change to "any logs which might be added" - I don't think you can modify the system defaults (although I could be wrong - it's not something I've done much).
Computer Configuration-->Windows Settings-->Security Settings-->Event Log
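
The scripted route suggested in the answers can cover logs that are added later by enumerating the logs on each run instead of naming them. This is an added example, not code from the original answers; the function names are hypothetical, and it assumes Windows PowerShell, where Get-EventLog and Limit-EventLog are available for classic logs.

```powershell
# Added example: report and set the retention behaviour of every classic event log.

# Hypothetical helper: current overflow action and size limit for each log.
function Get-LogRetention {
    Get-EventLog -List |
        Select-Object Log, OverflowAction, MaximumKilobytes, MinimumRetentionDays
}

# Hypothetical helper: switch every log that is not already "overwrite as needed".
# -Exclude keeps named logs untouched, -WhatIf previews the changes.
function Set-OverwriteAsNeeded {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string[]]$Exclude = @())

    foreach ($log in Get-EventLog -List) {
        if ($Exclude -contains $log.Log) { continue }
        if ($log.OverflowAction -eq 'OverwriteAsNeeded') { continue }
        if ($PSCmdlet.ShouldProcess($log.Log, 'set OverflowAction to OverwriteAsNeeded')) {
            Limit-EventLog -LogName $log.Log -OverflowAction OverwriteAsNeeded
        }
    }
}

Get-LogRetention | Format-Table -AutoSize

# Preview first; rerun without -WhatIf from an elevated session to apply.
Set-OverwriteAsNeeded -Exclude 'Security' -WhatIf
```

With overwrite-as-needed, the oldest events are discarded once MaximumKilobytes is reached, so check the size limit on any log that is needed for investigations before switching it.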