Re: Local Policy Update Using Remote Registry Edit

Hi Robert.

Try this. Open mmc console and select file - add/remove snapin. Then select
add - Group Policy add. Then select browse and you should see the option for
another computer where you can browse My Net work Places or add the computer
name or IP address. Assuming you have the proper network connectivity and
permissions on the other computer you should then be able to edit it's local
Group Policy. The remote computer would need to have the Windows Firewall
Exception for either file and print sharing and/or Remote Management from
the IP of your workstation.

Steve


"Robert Lindholm" <RobertLindholm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:BE73EE07-E199-4B4F-80F3-CF0B7ED258E5@xxxxxxxxxxxxxxxx
Steve:

Thanks for your reply, but I think I'm still missing something...

When I open the "gpedit.msc" MMC on my administrative workstation, I don't
see any options for connecting to a remote computer. Are there some
additional things that need to be done with the configurational settings
of
this MMC to establish connectivity with remote systems? I've also not
found
a way to run "gpedit.msc" MMC directly from the remote machine without
using
remote desktop, which requires the user to be logged off. There seems to
be
a very limited set of command line functionality with "gpedit.msc" that
doesn't include anyway to update local policy settings via the command
line
[that I've seen].

Bob
--
Robert Lindholm
University of Rcohester


"Steven L Umbach" wrote:

Keep in mind that domain profile settings apply only when domain computer
are connected to a network where they can find and access a domain
controller. You can edit local Group Policy remotely by selecting the mmc
snapin for Group Policy and selecting - another computer. Of course you
need to be a local administrator on the computer you want to do this to.
I
find it always best to edit Group Policy instead of registry settings.
You
can edit a registry setting [it does NOT edit Group Policy] and it should
work until the computer reapplies it's Group Policy settings if that
setting
is defined. Group Policy administrative template registry settings are
stored in the \Windows\system32\grouppolicy\user or machine\registry.pol
file.

Steve


"Robert Lindholm" <RobertLindholm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:CFC05AEF-0B48-4E99-AB13-BC44510BD655@xxxxxxxxxxxxxxxx
I'm trying to remotely add an IP address to the Remote Administration
settings [domain/local] on several Windows XP XP2 [with firewall
enabled]
on
my network so I can make some remote adjustments to the Windows
firewall
using "netsh" to ultimately run an install executable for a new AV
software
agent. I found what I believe to be the appropriate Registry keys
associated
with these network settings [see below] and have been able to remotely
update
the Registry, but this hasn't updated the local policy on the computer.
I've
tried performing an "gpupdate" and rebooting the system. Obviously I'm
missing something or there are additional Registry keys that need to be
edited or some other mechanism to update the local policy by editing
the
Registry unless this is a unidirectional process [e.g. local policy
edit ->
Registry change only, not vice-versa]. I'm trying to avoid having to
locally
edit each workstation to make these changes, which brings up a few
questions:

1) Is there a way to remotely edit the local group policy of a Windows
XP
computer remotely over the network [without AD]?

2) Will remote editing of the Registry alter the local group policy of
a
machine and if so how is this accomplished?

Your suggestions are greatly appreciated...

Bob

P.S. Here are the Registry keys I edited:

Domain Policy

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!Enabled,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!RemoteAddresses

Local Policy

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!Enabled,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!RemoteAddresses
--
Robert Lindholm
University of Rcohester





.

Relevant Pages

  • Re: Deploying a Reg Key to HKLM on all Machines
    ... You can use "pure" Group Policy to push out your own registry ... Computer startup script runs as part of the boot up process ... Local or remote directories ... Implementing Registry-Based Group Policy ...
    (microsoft.public.security)
  • Re: Deploying a Reg Key to HKLM on all Machines
    ... You can use "pure" Group Policy to push out your own registry ... Computer startup script runs as part of the boot up process ... Local or remote directories ... Implementing Registry-Based Group Policy ...
    (microsoft.public.win2000.security)
  • Re: configure machines to allow "offer remote assistance" xp home
    ... What I am trying to do is use the "offer remote ... Is there some registry key or something that I can edit in order ... Start the Microsoft Management Console (MMC) (Start, Run, ... Select Group Policy, and click Add. ...
    (microsoft.public.windowsxp.general)
  • Re: Local Policy Update Using Remote Registry Edit
    ... this MMC to establish connectivity with remote systems? ... You can edit local Group Policy remotely by selecting the mmc ... find it always best to edit Group Policy instead of registry settings. ... but this hasn't updated the local policy on the computer. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Several Problems; how to reset security and troubleshoot serve
    ... There is no error or action when I click on either "Offer Remote ... Assistance" or "Help and Support", ... The Network Service account must be added to the policy settings in the ... This issue may occur if Group Policy settings that were applied at ...
    (microsoft.public.windows.server.sbs)