rzander
commented
6 years ago I do fully agree… highlighting CSE Settings makes sense... Will check that.
Same for all HKEY_CURRENT_USER\Software\Policies Keys. A User does not have write permission to this key…
While all settings in the registry can be set using PowerShell, that does not mean that it will also work if you set them using PowerShell. If a setting is processed by a GPO CSE (Client Side Extension), like the Local Administrator Password Solution for example, just applying the registry key is not enough. The CSE get's triggered by the existence of the setting in the GPO, so only if the setting is in the GPO it will be processed.
It would be nice if you could flag the settings processed by a CSE so it's clear those cannot be set using PowerShell. A list on all CSE's can be found here: https://blogs.technet.microsoft.com/mempson/2010/12/01/group-policy-client-side-extension-list/.
I'm also not 100% sure if all CSE's work in the same way, I tested while setting the LAPS settings through PowerShell, which does not work if the settings are not in a GPO.