Hi Vadims, thanks for the reply.
The configs need to be automated, so using gpedit.msc GUI is no good for
this.... good news about R2 and Windows 7 powershell having support, I'm
sure I'll use when I have them. Right now I have to come up with solution
using only Windows Server 2008 and powershell 1.0 (or other command line
tools that can be automated).
Also, I'm not trying to lock these settings down, its just the base config,
or starting point of the machines, before they are actually given to the end
users, who are the real owners of the machines from that point on, so they
can configure any way they want after they have them.
I do however need the settings to also be visible within the GUI tools, I
was not aware they would not be... and suprised. I would think those tools
are pulling the info from the registry anyway?
so far, afaik, my only real options are direct registry edits, or secedit
for the security related settings like password policy.
any further input is welcome.
"Vadims Podans [MVP]" <vpodans> wrote in message
> even if you haven't AD domain, you should as possible use Local Gropu
> Policy (gpedit.msc). With Windows Server 2008 R2/Windows 7 PowerShell have
> Group Policy module.
> Why registry is not good solution for you - you can't see your settings
> from normal GUI console (such gpedit.msc). Also, here is another little
> benefit (however this is not secuirty improvement). If someone changes
> registry - after system restart these settings will be rewrited with
> correct settings from group policy. Of course, you should enable Registry
> Policy Processing in gpedit.msc.
> WBR, Vadims Podans
> MVP: PowerShell
> PowerShell blog - www.sysadmins.lv
> "James" <noone@xxxxxx> rakstija zinojuma
>> Working on a PS script that is part of a deployment process for
>> servers... before I go ahead with searching for the specific registry
>> entries and doing these configs via direct registry edits, I thought I
>> should check to see if powershell provides any alternatives?
>> 1) I need to set some settings found via the GUI here:
>> Tools -> Folder Options -> View tab: things like 'show hidden files and
>> folders', 'hide extensions for known file types'
>> 2) password policy (local security policy), things like minlength, age,
>> complexity, etc...
>> Should I just do direct registry edits or does powershell offer some
>> alternative? Note: these configs are part of a 'base' config that all
>> servers get *before* ending up in end-user's hands... and the end users
>> in this case are all different companies, so there is no common Active
>> Directory infrastructure for pushing out settings like this via group
>> policy. Just wanted to mention as I know group policy is the most logical
>> choice in other scenarios.
>> actually, this brings another question to mind:
>> 3) in general, for settings that are available and maybe typically set
>> via group policy, or the local policy really, is there some alternative I
>> should be aware of besides direct registry edits? powershell or even
>> other? maybe wmi?
>> any input would be appreciated, thanks.