dlwyatt / PolicyFileEditor

PowerShell functions and DSC resource wrappers around the TJX.PolFileEditor.PolFile .NET class.
Apache License 2.0

A local policy is being set to 48 and 49 instead of 0 and 1 #24

Closed ethano8225 closed 1 month ago

ethano8225 commented 1 month ago

Hello, I wrote a small script to toggle enabling/disabling of an administrative policy:

```powershell
$RegPath = 'Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions'      # in HKEY_LOCAL_MACHINE
$RegName = 'DenyUnspecified'
$RegType = 'DWord'
$MachineDir = "$env:windir\System32\GroupPolicy\Machine\Registry.pol"          # set it to machine policies .pol file

$condition = (Get-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions -Name DenyUnspecified).DenyUnspecified

$RegData = if ( $condition -eq 1 ) { 0 } else { 1 }       # set regdata to the opposite of what it is currently

Set-PolicyFileEntry -Path $MachineDir -Key $RegPath -ValueName $RegName -Data $RegData -Type $RegType

gpupdate.exe /force
```

EDIT: OK, so this works to enable/disable the setting, at least according to gpedit.msc. But when I run `gpresult /scope computer /v` it is still saying the value is enabled (with a value of 0, 0, 0, 0), even though in the system config it is saying it is disabled. Is this normal behavior?

edit edit: Never mind. This is expected, as "Enabled" simply means the policy is being used on the machine; the first number in 0,0,0,0 determines if it is enabled or disabled.
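
An added example, not part of the original issue or of the PolicyFileEditor project: a minimal Python reader for the Registry.pol layout (a `PReg` header, then `[key;value;type;size;data]` records in UTF-16LE) that reads back the DWORD actually stored for `DenyUnspecified`, so that a stored 48 or 49 (the character codes of "0" and "1") can be told apart from 0 or 1. The function names and the sample bytes are constructed for illustration; on a real system the input would be a copy of the machine `Registry.pol`.

```python
import struct

REG_DWORD = 4
HEADER = b"PReg" + struct.pack("<I", 1)  # file signature followed by version 1

def parse_pol(blob):
    """Return [(key, value_name, type, data_bytes)] parsed from Registry.pol bytes."""
    if blob[:8] != HEADER:
        raise ValueError("missing PReg header")
    pos, entries = 8, []
    def expect(ch):  # '[', ';' and ']' delimiters are UTF-16LE characters
        nonlocal pos
        if blob[pos:pos + 2] != ch.encode("utf-16-le"):
            raise ValueError(f"expected {ch!r} at offset {pos}")
        pos += 2
    def text():  # NUL-terminated UTF-16LE string followed by ';'
        nonlocal pos
        end = pos
        while blob[end:end + 2] not in (b"\x00\x00", b""):
            end += 2
        value, pos = blob[pos:end].decode("utf-16-le"), end + 2
        expect(";")
        return value
    def dword():  # 32-bit little-endian integer followed by ';'
        nonlocal pos
        number, pos = struct.unpack_from("<I", blob, pos)[0], pos + 4
        expect(";")
        return number
    while pos < len(blob):
        expect("[")
        key, name, kind, size = text(), text(), dword(), dword()
        data, pos = blob[pos:pos + size], pos + size
        expect("]")
        entries.append((key, name, kind, data))
    return entries

def stored_dword(entries, key, name):
    """Value of the matching REG_DWORD entry (case-insensitive names), else None."""
    for k, n, kind, data in entries:
        if (k.lower(), n.lower(), kind, len(data)) == (key.lower(), name.lower(), REG_DWORD, 4):
            return struct.unpack("<I", data)[0]
    return None

def make_entry(key, name, number):  # builds constructed sample bytes, not a real policy file
    fields = b";\x00".join(struct.pack("<I", n) for n in (REG_DWORD, 4, number))
    return f"[{key}\0;{name}\0;".encode("utf-16-le") + fields + "]".encode("utf-16-le")

KEY, NAME = r"Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions", "DenyUnspecified"
for number in (1, 49):  # 49 is the character code of "1"
    print(number, stored_dword(parse_pol(HEADER + make_entry(KEY, NAME, number)), KEY, NAME))
```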