How to apply Local Group Policy settings silently using the ImportRegPol.exe and Apply_LGPO_Delta.exe utilities.

 MDT, SCCM, Scripting, Uncategorized, Windows 7  3 Responses »
Jan 182012
 

In many Organizations, the AD support team is separated from the team in charge of Imaging.  The AD team naturally is protective with their setup and fight any GPO setting that would result in more responsibility to their staff.  So that leaves us in some occasions having to turn to Local Group Policy to apply the settings we want.  I’ve recently come across some great tools provided by Microsoft (very quietly) for Government usage.  These tools allow you to basically back up your LGPO settings to a txt file and apply them on demand with a script silently.

MS link: http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-05-16-48/LGPO_2D00_Utilities.zip
BackUp link: https://panaconsulting.egnyte.com/h-s/20120118/077e07ba18c74413

How to use:

  1. Apply desired settings on a Windows 7 test machine, using the gpedit.msc MMC snap-in.
  2. Run the “ImportRegPol.exe” with the /parseonly and /log to pull settings and save to a specified LOG file.
    User settings and machine settings need to be captured separately:
    LGPO User Settings
    Capture User Example
    ImportRegPol.exe /u  C:\Windows\System32\GroupPolicy\User\registry.pol /parseonly /log <PathToSettingsFile>.log
    LGPO Machine Settings
    Capture Machine Settings Example:
    ImportRegPol.exe /m  C:\Windows\System32\GroupPolicy\Machine\registry.pol /parseonly /log <PathToSettingsFile>.log
  3. Use the Apply_LGPO_Delta.exe utility to apply the settings silently.  On restart the settings will take effect.
    Apply_LGPO_Delta.exe <PathToSettingsFile>.log /log <PathToLogFile>.log
  4. This can easily be added to an SCCM or MDT Task Sequence and tied to logic to ensure the correct settings get pushed to the appropriate target systems/users.

Command Line help for LGPO Tools:

Apply_LGPO_Delta.exe inputfile0 [inputfile1 ...] [/log LogFile] [/error ErrorLogFile] [/boot]

inputfileN             One or more input files specifying the changes to make.  Input files must be security template files, or registry-based policy files using a custom file format described below.  Apply_LGPO_Delta automatically determines whether a file is a custom policy file or a security template.  Security templates can be created using the “Security Templates” MMC snap-in.

/log LogFile           Writes detailed results to a log file.  If this option is not specified, output is not logged nor displayed.

/error ErrorLogFile   Writes error information to a log file.  If this option is not specified, error information is displayed in a message box dialog.

/boot                  Reboots the computer when done.

 

ImportRegPol.exe –m|-u path\registry.pol [/parseOnly] [/log LogFile] [/error ErrorLogFile] [/boot]

-m path\registry.pol   [for Computer configuration] or

-u path\registry.pol   [for User configuration]

Path\registry.pol specifies the absolute or relative path to the input registry policy file (which does not need to be named “registry.pol”).

/parseOnly             Reads and validates the input file but does not make changes to local group policy.  In conjunction with the /log option, can be used to convert a registry policy file to an input file for Apply_LGPO_Delta.

/log LogFile           Writes detailed results to a log file.  If this option is not specified, output is not logged nor displayed.  The logged results for the registry policy settings can be used as input for Apply_LGPO_Delta.

/error ErrorLogFile   Writes error information to a log file.  If this option is not specified, error information is displayed in a message box dialog.

/boot                  Reboots the computer when done.

 

-Brian G

Share

Setting Custom Windows 7 “Action Center” settings via a Script or Batch

 Scripting, Windows 7  3 Responses »
Jun 242011
 

Because the Windows 7 CopyProfile=true option only saves a handful of configurations.  We are left with the fun of trying to automate the rest.  I’ve outline some basic, such as specifying a custom Themepack for All Users:

http://supportishere.com/how-to-set-theme-in-windows-7-via-script-for-all-users/

 

The Windows 7 Alert Settings can become a nuisance if you disable the Firewall or do not use a Virus protection program that MS considers safe.  So in some cases, it is easiest to simply disable the checks it performs and notifies the user on.

Desired Setting:

image

The problem is that MS saves these entries in the Registry with GUIDs and REG_BINARY type values that are not easy to change via script.

(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks)

image

So in the interim, the only method I’ve found to disable these alerts is to disable the “Security Center” entirely using the following command:

net stop wscsvc

image

 

I can not guarantee if disabling this Service will effect other features within Windows.

Share

Apply Open Office Settings via Script Or Batch

 MDT, SCCM, Scripting, Windows 7, Windows XP  No Responses »
Jan 192011
 

In most cases, my customer base have decided to install Open Office applications outside of their base images.  The silent installations are fairly simple, because the install files are provided in .MSI format.

Applying custom settings after a clean installation need to also be addressed.  I found this was also fairly simple.  All of the settings changed are made to the files stored in the following folder:
Windows 7: “C:\Users\Administrator\AppData\Roaming\OpenOffice.org”
Windows XP: “C:\Documents and Settings\Administrator\Application Data\OpenOffice.org”

So Simply apply the desired setting changes on a test machine and capture the settings folder.  Then change the permissions of the folder to the following:

Grant Everyone “Full Control”
image
image

Next in your Post Image processing overwrite the Directory with your custom settings Directory and you are all set.
xcopy "%~dp0OpenOffice.org\" "C:\Users\Administrator\AppData\Roaming\OpenOffice.org" /heyi

Share

Set Default Background ( Wallpaper ) in Windows 7 via Script Or Batch

 Scripting, Windows 7  1 Response »
Jan 182011
 

I previously wrote an article on how to set the default theme via a script:
http://supportishere.com/how-to-set-theme-in-windows-7-via-script-for-all-users/

This article is displaying a method to simply set the Default Background image for new users in Windows 7.

This method performs the following actions:
1. Takes Ownership of “C:\Windows\Web\Wallpaper\Windows\img0.jpg”.
start /w "TakeOwn Of img0" "C:\Windows\System32\takeown.exe" /A /F "C:\Windows\Web\Wallpaper\Windows\img0.jpg"

2. Grant Full Permissions to img0.jpg file to Administrator.
start /w "Take Permissions" "C:\Windows\System32\Icacls.exe" "C:\Windows\Web\Wallpaper\Windows\img0.jpg" /grant Administrator:F /Q

3. Replaces the file with your desired Background Image.
xcopy "%~dp0img0.jpg" "C:\Windows\Web\Wallpaper\Windows\" /heyi

image

Note: Image should have the following attributes:
Dimensions: 1920 X 1440
Resolution: 72 DPI
Bit Depth: 24

Example of Script Package:
https://dl.dropbox.com/s/jnaqawa536ab9md/Win7SetDefaultWallpaper.zip?dl=1

Share

How to Set Theme in windows 7 via script for all Users

 Scripting, Windows 7  2 Responses »
Jan 092011
 

—–UPDATED LINK—————–

The process of setting the theme for all users outside of group policy is still tedious in Windows 7.  The method I came up with is not the cleanest, but it is supported by Microsoft and easy to implement.

Procedure:

1. Build .ThemePack file on test machine via the “Personalization” control panel applet.
* If Aero is desired, ensure test machine supports Aero.

image
1a. Set all desired settings, Background, Background Color, Sounds, and Screen Saver settings.
1b. Right-Click on new “Unsaved Theme” listed under “My Themes” and click on “Save Theme for saving”.  This will output the .themepack files.
* .Themepack files are self extracting files, which include all dependent files for theme to apply on new machines.
image
2. Rename Outputted .themepack file to “CustomTheme.themepack” and download zip archive below:
https://panaconsulting.box.com/s/7wdszgsweecn0d71jzi3
3. Extract archive and inject the new “CustomTheme.themepack” to the same directory.
4. Run “silent.bat” for visible run boxes, or “CallSilentBatch.vbs” for silent and hidden.

The script basically calls the “.themepack” file for any new user that logs into the system once and then closes the “Personalization” applet, which auto opens when .themepack files are initiated.

Share