rzander / PSPEditor

PowerShell Policy Editor
62 stars 8 forks source link

Setting processed using a CSE should be excluded #5

Open danielboth opened 6 years ago

danielboth commented 6 years ago

While all settings in the registry can be set using PowerShell, that does not mean that it will also work if you set them using PowerShell. If a setting is processed by a GPO CSE (Client Side Extension), like the Local Administrator Password Solution for example, just applying the registry key is not enough. The CSE get's triggered by the existence of the setting in the GPO, so only if the setting is in the GPO it will be processed.

It would be nice if you could flag the settings processed by a CSE so it's clear those cannot be set using PowerShell. A list on all CSE's can be found here: https://blogs.technet.microsoft.com/mempson/2010/12/01/group-policy-client-side-extension-list/.

I'm also not 100% sure if all CSE's work in the same way, I tested while setting the LAPS settings through PowerShell, which does not work if the settings are not in a GPO.

rzander commented 6 years ago

I do fully agree… highlighting CSE Settings makes sense... Will check that.

Same for all HKEY_CURRENT_USER\Software\Policies Keys. A User does not have write permission to this key…