1

I'm trying to set the Logon script property with a Powershell script. Everything I've found only applies to the Administrative Templates folder, not the Windows Settings section.

I'd like to be able to add a value with parameters, similar to hitting the "add" button and adding the information manually, such as in the second screenshot.

The powershell command would write the information into those fields. This script would go out to many users, who would presumably find running a file to change this setting easier than navigating the Group Policy Editor themselves. There is no domain controller or other admin-centric software installed on the machines. enter image description hereenter image description here

Ian Hyzy
  • 214
  • 2
  • 4
  • 13
  • 1
    @PimpJuiceIT I added some more context for what I'm trying to achieve, does that help? – Ian Hyzy Oct 18 '18 at 21:39
  • Not quite - I want to set that property with powershell with some other information. We need to set this property on many computers, and want to make it as easy as possible for users. – Ian Hyzy Oct 18 '18 at 21:44
  • We don't have a domain controller or any admin software.(This is setting up some things so we can get that) – Ian Hyzy Oct 18 '18 at 21:45
  • A potential helpful starting point maybe.... https://serverfault.com/questions/377387/how-to-add-a-shutdown-script-not-by-using-gpedit-msc-or-active-directory—I don't have time to confirm anything though but there should be some registry entries I would think and manipulating those via PowerShell should be trivial I would think. – Vomit IT - Chunky Mess Style Oct 18 '18 at 21:51
  • Could I please ask what changes you are tying to achieve on a per system basis? Any script written may not execute initially due to localised execution policies... Understanding what you are trying to do could potentially be approached in a slightly different manner, and if you have to go down the route of opening up the execution policy you may as well look into WinRM for future changes remotely that can be done across multiple systems instead of a one off case? – CraftyB Oct 18 '18 at 23:04
  • There's an EXE for a system reporting service we want to run on login. It reports the hostname, OS version, etc to a cloud service. @CraftyB – Ian Hyzy Oct 18 '18 at 23:43
  • Do users have admin access? (The fact you say you are pushing to users...) In your particular case I think a script to add a scheduled task via cmd would be the easiest approach (when you say etc... do you need user context information?) also does the installer have a silent switch? – CraftyB Oct 18 '18 at 23:55
  • @CraftyB Yes, users have admin access. The plan is to, hopefully, send an email with a link to an Powershell file / EXE they can run to do this for them. Adding to a scheduled task may work as well, I'll ask the team the asked me to deploy this if that's an ok workaround. The "installer" is silent by default, I don't think it installs anything - it just runs with the parameters, which is an API key. – Ian Hyzy Oct 19 '18 at 00:08
  • Personally due to the complexities of running powershell scripts initially could cause you more issues, if you need to go down the route of powershell I would consider running WinRM command for further abilities to modify things..., I say this from previous experience! :) – CraftyB Oct 19 '18 at 00:12
  • This would be a one-time thing to set it, we're working on a proper domain controller setup but need to figure out what machines to put in the domain controller in the first place. I'm looking into WinRM now though, thanks for the recommendation. – Ian Hyzy Oct 19 '18 at 00:14
  • IanH - If you happen to run PS for this though, consider using a format/syntax such as: `Powershell -ExecutionPolicy Bypass -Command "& 'C:\Scripts\Script.ps1'"` if possible. This seems to give pretty good success regarding the execution policies mentioned in my experience. If you have trouble, you might either change to the `C:\Windows\System32\WindowsPowerShell\v1.0` dir before running Powershell.exe or call it with the full path of `C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell` – Vomit IT - Chunky Mess Style Oct 19 '18 at 00:46
  • Another idea also may be to put it all in a batch script to execute the PowerShell logic, then throw that on a UNC path share i.e. `\\server\share` and then send an email with a link and be sure everyone has read access to the share, and simply tell them to execute it one time. You could put some logic in the script so if it is successful per some post check, etc. that a message box pops up saying "Success" otherwise popup says "Failure" so that could be the end-user indicator to try again or get with you. Just some quick thoughts. – Vomit IT - Chunky Mess Style Oct 19 '18 at 00:50
  • Last but not least, look at some of the script example I wrote about on this answer using batch to execute PowerShell using these tactics for a sample to help you better visualize what I'm talking about: https://superuser.com/questions/1366274/send-a-file-to-an-email-address-using-a-bat-file-without-exposing-the-email-info/1366769#1366769 – Vomit IT - Chunky Mess Style Oct 19 '18 at 00:52
  • 1
    Recently I both asked and finally answered similar question here: https://superuser.com/questions/1325592/programmatically-create-startup-script-in-local-group-policy-script-executes-bu/1325692#1325692 – maoizm Oct 21 '18 at 16:31
  • 1
    @maoizm yep, sounds just like what the doctor ordered.... Ian H - I'd check that out for sure. – Vomit IT - Chunky Mess Style Oct 21 '18 at 21:23
  • That looks very similar, giving it a shot now - thanks! – Ian Hyzy Oct 22 '18 at 19:24

0 Answers0