Change Local Group Policies remotely on Windows workstations outside Windows domain
Solution 1:
Assuming you have admin rights on that local computer or access to an account you could do the following:
- launch an
mmc
(if you have to change accounts, then userunas
from a cmd line to launch the mmc) - You can add the Group Policy snap-in from
File, Add/Remove Snap-in
- Choose `Group Policy Object Editor" and click Add
- Change it from Local Computer by clicking "Browse" and then clicking "Another Computer" and typing in the name of the remote computer
As far as running a script...sure, but you'd have to be a lot more specific as to how you want to connect to the computers, whether you want it to run once remotely or at login, scheduled, etc. etc. etc.
Solution 2:
You haven't said which version of Windows the workstations are running, but the easiest thing to do is to launch Group Policy editor to create the policies (like TheCleaner described). Then copy the user
and computer
folders from the first machine's %systemroot%\system32\grouppolicy\
to the new machine's same location, then either reboot or run gpupdate /force
. This should work fine for both XP and 7.
As for running these remotely, you could either use PSExec to run gpupdate force
, or you could use shutdown /r /m \\computername
. Both of these assume that you're running the command/script from a local account with credentials that have administrative rights on the target machine, or have specified those credentials for PSExec.