Skip to content

PowerShell functions and DSC resource wrappers around the TJX.PolFileEditor.PolFile .NET class.

License

Notifications You must be signed in to change notification settings

dlwyatt/PolicyFileEditor

Repository files navigation

Build Status: Build status

PolicyFileEditor

PowerShell functions and DSC resource wrappers around the TJX.PolFileEditor.PolFile .NET class.

This is for modifying registry.pol files (Administrative Templates) of local GPOs. The .NET class code and examples of the original usage can be found at https://gallery.technet.microsoft.com/Read-or-modify-Registrypol-778fed6e .

It was written when I was still very new to both C# and PowerShell, and is pretty ugly / painful to use. The new functions make this less of a problem, and the DSC resource wrapper around the functions will give us some capability to manage user-specific settings via DSC (something that's come up in discussions on a mailing list recently.)

Quick start

This example shows you how to install PolicyFileEditor from the gallery and use it to set a mandatory screen saver timout with logon:

Write-host "Trusting PS Gallery"
Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted

Write-Host "Installing PolicyFileEditor V3"
Install-Module -Name PolicyFileEditor -RequiredVersion 3.0.0 -Scope CurrentUser

$UserDir = "$env:windir\system32\GroupPolicy\User\registry.pol"

Write-Host "Setting `Password protect the screen saver` to on"
$RegPath = 'Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$RegName = 'ScreenSaverIsSecure'
$RegData = '1'
$RegType = 'String'
Set-PolicyFileEntry -Path $UserDir -Key $RegPath -ValueName $RegName -Data $RegData -Type $RegType

Write-Host "Setting `Screen saver timeout` to 5m"

$RegPath = 'Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$RegName = 'ScreenSaveTimeOut'
$RegData = '300'
$RegType = 'String'

Set-PolicyFileEntry -Path $UserDir -Key $RegPath -ValueName $RegName -Data $RegData -Type $RegType

# apply the new policy immediately
gpupdate.exe /force