Configure a Group Policy with PowerShell

In this blog post, I will show you how to configure Group Policy settings and items using PowerShell.

Everyone knows that you can create a group policy using PowerShell; however, not many people know that you can configure the settings of the GPO using PowerShell.

By default, all the Group Policy items are registry keys that apply to machines.

Registry Reference

To help us configure GPOs with PowerShell, Microsoft has published an Excel file with all the registry locations and values needed to configure each GPO item.

The file can be downloaded from the location below.

https://www.microsoft.com/en-au/download/details.aspx?id=25250

Configure GPO

Let’s start and set up the following GPO setting:

Remove Computer icon on the desktop

The registry key and value name needed to enable the policy, written in the spreadsheet's key!value notation, are:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Below is the key in the Excel spreadsheet.

Create GPO

To show you how it works, I will start by creating a GPO called "RemoveComputerIcon".

New-GPO -Name "RemoveComputerIcon" -Comment "Remove Computer Icon From Desktop"

Apply Settings

To apply the settings to the GPO, I will run the following command.

Set-GPRegistryValue -Name "RemoveComputerIcon" -Key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum" -Type DWord -ValueName "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Value 1

Link GPO

The final step is to apply the policy to an OU; in my case, I am deploying it to the root domain.

New-GPLink -Name "RemoveComputerIcon" -Target "dc=corp,dc=enterprise,dc=local"
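
The create, set and link steps above combined into one idempotent script with a read-back check before linking. This is an added example, not code from the original post; it assumes the GroupPolicy module (RSAT / GPMC) is installed and reuses the GPO name, value name and link target shown in this post, with variable names chosen for illustration.

```powershell
# Added example: idempotent create / set / verify / link for the GPO in this post.
# Assumes the GroupPolicy module (RSAT / GPMC) and rights to edit and link GPOs.
Import-Module GroupPolicy

$GpoName   = 'RemoveComputerIcon'
$Key       = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum'
$ValueName = '{20D04FE0-3AEA-1069-A2D8-08002B30309D}'   # value name from the registry reference above
$Target    = 'dc=corp,dc=enterprise,dc=local'           # link target used in this post

# 1. Create the GPO only if it does not exist yet.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Remove Computer Icon From Desktop'
}

# 2. Write the registry-based setting into the GPO.
Set-GPRegistryValue -Name $GpoName -Key $Key -ValueName $ValueName -Type DWord -Value 1 | Out-Null

# 3. Read the setting back and stop before linking if it is not what we expect.
$setting = Get-GPRegistryValue -Name $GpoName -Key $Key -ValueName $ValueName
if ($setting.Type -ne 'DWord' -or $setting.Value -ne 1) {
    throw "Unexpected value in '$GpoName': $($setting.Type) $($setting.Value)"
}

# 4. Link only if the target does not already carry a link to this GPO.
$links = (Get-GPInheritance -Target $Target).GpoLinks
if ($links.GpoId -notcontains $gpo.Id) {
    New-GPLink -Name $GpoName -Target $Target | Out-Null
}

# 5. Keep an HTML report of the GPO's contents as a change record.
Get-GPOReport -Name $GpoName -ReportType Html -Path (Join-Path $PWD "$GpoName.html")
```

Because the key is under HKCU, this is a user setting, and a link at the domain root reaches every user in the domain unless inheritance is blocked or the GPO is filtered; pointing $Target at a test OU first limits the scope.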

Remove Settings

If you need to remove the settings from the policy, simply run the code below.

Remove-GPRegistryValue -Name "RemoveComputerIcon" -Key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum" -ValueName "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
