Does anyone know how to script GPO for users in a Windows computer that is not on any Active Directory network?
I can't use GPMC because it doesn't work without a domain. I have been searching the net for the last couple of hours and all the solutions that I find are related to GPMC.
I'd imagine there are some objects in the GPO that are accessible via WMI? Does anyone know anything about that? I was unable to find any information about that.
Here is the situation I am trying to script:
I have 10 users on the machine, and I want to restrict what they are able to do on the machine. So I created 10 GPOs for each one of them. Now I want to apply a common policy to all of them. The only way to do it is to go through each of the GPO and do it manually. This is too time consuming, therefore I am seeking for a simpler solution.
I was unable to find a way to copy GPO from a user to a user. That would make it much easier, I would create a GPO for 1st user, then copy it over to all the other users, but no luck, couldn't find a way to copy GPOs.
The other method I tried was creating a GPO for the whole user group but it turns out you can't apply GPO to a group unless you use GPMC, which I can't cause the computer is not on any domain.
So I am thinking about scripting this whole process, but again I can't find any examples of how to access particular GPO objects for particular users and modify properties through WMI.
Any suggestions on the issue I am having?
Thanks!
I'm assuming that you're setting things such as User Rights Assignment, Security Options, etc. Is that right? If so, you might try using the Security Configuration and Analysis console to configure the settings the way you want, then save and apply that configuration to the computers you want.