Re: Is it possible to make changes to a group policy through script

Hi Roger

Thanx for the answer.

The primary reason for using the setting is that some of the users on the
network must have special rights (the rights are given through group
membership).
When these users login, they select a 'profile' to work as and then re-logon
to have the proper rights.

In this case group membership must be updated and take effect at that next
logon. And this only happens on Windows 2000 WS or if this GPO setting is
enabled on the client in Windows XP.

If there are easier an easier way to make this happen, I would like to know...

I'm not completely sure about templates.
Can I make a template that only contains this single change (and be sure
that there not other machine specific stuff in the template).
And then apply it to the client by a script?
(it is to be used as part of an installation MSI file)

/Brian


"Roger Abell [MVP]" wrote:

"Brian Nielsen" <BrianNielsen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:35C2EC26-DEAC-49C7-8E26-E70CD2CAE2F8@xxxxxxxxxxxxxxxx
Hi

I need to set the group policy setting "Always wait for the network at
computer startup and logon" on all Windows XP machines in the network, to
make XP apply group policies at logon time and alter group memberships on
each logon.


The policy you mention will not have the effect that you mention.
It will cause what you say only when policies are applied, which in default
settings will be when a change is detected in the applied policies.


I can't do it on the domain controller because XP be default apply group
policies asynchronously and therefore the setting will not be active when
a
user logon.


This does not follow.
Apply the setting to the client machines using a GPO if those machines
are in a domain. Once the machines have processed the new settings
those settings will thereafter be used.

The question 2-sided:
1. Is there a way to change this setting using a script on the local
machine?

Not really. One could define a template and have that applied with secedit.
Otherwise there is no scripting API available to do this.

2. If it is not possible to do it by script, what is the easiest way to
apply this change in an environment consisting of Win2k3 DC's and Windows
XP
workstations?

Use a GPO that applies to that set of workstations




.

Relevant Pages

  • Re: Local Security Policy in Windows XP Home
    ... the logon profiles and have disabled the guest account. ... It's a network component that should be checked ... >> machines and a 2Wire router. ... I can access shared files from Charlie to Alpha ...
    (microsoft.public.security)
  • Re: Event id 529
    ... The machines are not accessible from the Internet. ... I don't have access to my Network ... Logon Failure: ...
    (microsoft.public.windowsxp.security_admin)
  • Re: User Logon Required on some Networked machines
    ... you may want to enable the guest account on the remote computer. ... > All are accessable over the network. ... > the other machines I can see all the shared folders just ... > be able to access the shared folders with out a logon ...
    (microsoft.public.windowsxp.network_web)
  • Re: Domain Logon
    ... > I'm trying to logon to a domain using Windows XP Home. ... > The domain/workgroup is set up and lots of other machines ... > All the other machines on the network can see and access ... Windows XP Home Edition may not become a member of a Domain and will not ...
    (microsoft.public.windowsxp.security_admin)
  • Network security access.
    ... I have a network between 5 pc on which there is installed Windows XP Pro ... of shared directories on the server you find one that I ... make accessible to 2 machines "client" and not at the other two. ... rights while for the other machines I can not do that. ...
    (microsoft.public.windowsxp.general)