A place for info I've learnt in IT & stuff. (I get a little kick back from affiliate ads & links, just so you are aware)

Browsing Posts tagged gpedit

gpedit.msc /gpcomputer: Computername

The account you’re logged into needs to have admin rights over that machine. If it don’t, then use your domainadmin account. So you’ll want to run a cmd as your domain admin. To make it easier create a batch file with

runas /user:domainname\admin C:\WINDOWS\system32\cmd.exe

Then in that cmd window type

gpedit.msc /gpcomputer: Computername

For example

gpedit.msc /gpcomputer: a4474

While I’m on DOMAIN1 still, to do it to a machine on DOMAIN2, try using the DOMAIN2\domain2admin account as my domain admin from DOMAIN1 doesn’t work.

Created this as was forever doing it on machine where it was decided not to roll it out over AD. So I did it on an individual bases. Annoying having to go to gpedit.msc all the time to set these settings. So created a batch file to put it directly into the registry, just when gpedit puts it.

Stick the following in a cmd window or in a batch file.

REG ADD HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile /v EnableFirewall /t REG_DWORD /d 0
REG ADD HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile /v EnableFirewall /t REG_DWORD /d 0

What it’s doing:

REG ADD = Adds an entry to the registry.
/v is the Value name that appears under the selected key (In the above example it’s EnableFirewall. This will appear under DomainProfile and StandardProfile as in the image)


/t is the RegKey type in this case it’s a DWORD so you put REG_DWORD

/d is the data you want in it. In this case we want it set to 0. Because it’s set to 0 this bit isn’t actually needed. As adding EnableFirewall as a DWORD it appears to automatically default it to no value, 0. I just included it in the batch file so I knew what the batch file was doing.

And that’s it. Disadvantage I’ve found using the batch file instead of gpedit.msc is that after you run it, it won’t take effect until you reboot. Also if you then check gpedit, it will just said Not Configured. If you then want to use gpedit to config it. You have to set the gpedit entry to disabled, maybe doing gpupdate /force (you can get away with not having to do that most times) and then set it back to Not Configured. Then it will remove the reg entries.

Other than that, appears to work fine.

Info on the REG command can be found here. This helped me create the batch.