I am trying to enable group policy settings, but not able to figure out how to do it.
tried :
1) get-command grouppolicy, but throws error.
2) not able to import GPO.
Can we do this using pure powershell script.
Thanks in advance.
You will need to install RSAT (Remoter Server Administration Tools) in order to have access to the Group Policy cmdlets.
You can find more information about the cmdlets here:
https://learn.microsoft.com/en-us/powershell/module/grouppolicy/?view=win10-ps
RSAT can be acquired here:
https://www.microsoft.com/en-us/download/details.aspx?id=45520
Related
SCCM is the method we deploy Windows updates to clients. We have a portion of computers that have a local group policy setting under:
Local Computer policy > Administrative Templates > Windows Components > Windows update
The setting is called "Specify intranet Microsoft update service location"
Basically the wuahandler.log is complaining of :
Enabling WUA Managed server policy to use server: http://servername.domain.local:8530
Group policy settings were overwritten by a higher authority (Domain Controller) to: Server https://servername.domain.local:8531 and Policy ENABLED
Failed to Add Update Source for WUAgent of type (2) and id ({C2F93D44-EAB3-4D5E-9330-7806157D92AD}). Error = 0x87d00692.
I can see that for whatever reason SCCM is not modifying the local group policy and its causing a conflict.
The pc's that have no issue have both the local group policy and policies under hklm > policies > windows update as the correct name (with port 8531).
I am basically asking how can i change the "specify intranet microsoft update service location ' using powershell or an automated method to remediate the 300 pc's that have a mismatched port number. modifying the HKLM keys under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate ive already taken care of. But this is not doing anything to resolve my issue.
any help would be appreciated.
There are many articles all over the web on using PowerShell and local policy management. Just search for them. Using a string like 'PowerShell manage local policy' and you will get a long list to consume.
There is even a module via the MS PowershellGallery.com for Local Policy Management.
Find-Module -Name 'PolicyFileEditor' |
Save-Module -Path "$env:USERPROFILE\Documents\WindowsPowerShell\Modules" -Force
Install-Module -Name 'PolicyFileEditor'
And blogged about its use is here:
How to manage Local Group Policy with Powershell
You can even just secedit.
Take a look at this Q&A
So, sure you can mess with Local Policy, be if your SCCM settings getting overridden by a higher authority, then any setting you'd do wit PowerShell would as well.
Please make sure that in case of SCCM/MECM or installations with system user (NT-Authority\System) you do not use -Scope CurrentUser, otherwise you will have the same problem as described here: https://github.com/PowerShell/PowerShellGetv2/issues/651
In a system context Install-Module does not create a Documents folder in the system profile if -Scope CurrentUser is used.
If you want to use -Scope CurrentUser anyway, you have to create the folder "C:\Windows\system32\config\systemprofile\Documents\PowerShell\Modules" or at least "C:\Windows\system32\config\systemprofile\Documents" first, so that the module is installed for the system user.
Ok I am attempting to transfer a manual change to powershell,
Attempting to grant IIS_IUSRS access to /LM/SmtpSvc/ and /LM/SmtpSvc/1/ nodes in the IIS Metabase.
I have googled extensively and can not find an example of what i am looking for.
I have been trying to play with
$smtp = [wmiclass]‘root\MicrosoftIISv2:IIsSmtpServerSetting'
But I am in a little over my head with WMI.
Any help would be appreciated. This setting is required for resolving
This.
Not an exact answer, but the best I have so far. Following the Guide here I chose option 1 and changed the app pool to network service. I will still work on a way to do the permissions settings with powershell.
Update (solution untested)
I found this answer on another post that details how to do it using scripts in the iis6.0 resource toolkit. To get these scripts on server 2012 you have to install the IIS6.0 resource toolkit, the only way i can find to do a silent install of this one was located here from there you can call the scripts using cscript.exe. I stuck with the changing user on the app pool option because it fits in with other things as well.
Salam every body
I need help to learn how
to Install,Configure and Manage dns using only powershell on Windows 2008?
This should get you started.
Installing DNS Server Role via Powershell
Open an elevated Powershell window and enter the following commands.
Import-Module Servermanager
Add-WindowsFeature 'DNS' -restart
For a more general guide about installing server roles via powershell, take a look at this page: Adding Server Roles and Features
On that page, just CTRL+F for Powershell.
Configuring DNS Server Role via Powershell
Since configuration is a very general topic, here's the link to the documentation:
Domain Name System (DNS) Server Cmdlets
You can list all the available commands with Get-Command –Module DnsServer
I am working on automating group policy settings using PowerShell in Windows Server 2012 R2.
I have lot of local group policy settings to achieve through PowerShell.
As an example I am showing this
Press Windows key > type Run and type gpedit.msc. Expand Computer
Configuration > Windows Settings > Security Settings >
Account Policy > Password Policy or Account Lockout Policy container
In this I need to enable the setting called Passwords Must Meet Complexity Requirements using PowerShell.
I achieved automating services start-up type using the cmdlets.
As an example
Set-Service -name vds -StartupType disabled
But I am struggling to start with local group policy settings.
I have also attached a screenshot regarding this.
If anyone have any idea on this Please help me.
I am getting given error when I use powershell commandlets to connect azure app -
Get-HostedService : Could not establish secure channel for SSL/TLS with authority ‘management.core.windows.net’.
here is the links I follow -
http://msdn.microsoft.com/en-us/gg271300
http://wappowershell.codeplex.com/documentation
Based on my experience there could be two problems:
The certificate you are using is not able to create a secure SSL tunnel between your computer and Windows Azure Management Portal and you get error
I have seen OS specific problems related to SSPI and SCHANEL in which the SSL tunnel could not be created.
I also think the first links you have has old info and does not help in most cases. Lets try to solve problem first which is very easy. I am writing below understanding you have Powershell Cmdlets installed in your machine:
First download the publishconfig file from your Windows Azure portal as decribed here.
Now open your Windows Powershell for Windows Azure CmdLets (In Admin Mode)
After that enter these Powershell Commands directly:
PS > Import-Subscription <include your _filename_.publishsettings here>
PS > Select-Subscription <Enter The _name_of_your_subscription which will be listed after you run above command (Note - **SubscriptionName** is needed here>
PS > Get-HostedService <This should list all of services in your subscription>
Now you can manage the subscription from Powershell Cmdlets.
If you still have problems please let me know and I will provide info on 2).
Can you please file a bug for this here: http://github.com/WindowsAzure/azure-sdk-tools
The error message back from PowerShell should be friendlier in this case.
Also, you can now use Add-AzureAccount to obtain credentials rather than having to download and import a publishsettings file