How to modify local group policy setting programatically

Question

I am looking for a way to programatically change the value of a group policy setting without having to reboot a machine or install any additional components on it

Lo

Answer 1

use this link :)

http://blogs.technet.com/b/fdcc/archive/2010/01/15/updated-lgpo-utility-sources.aspx

you can use this Project For modify GPO on local System. not change Direct Registry!!!!

HRESULT hr;
IGroupPolicyObject* pLGPO;
HKEY machine_key, dsrkey;

const IID my_IID_IGroupPolicyObject =
{ 0xea502723, 0xa23d, 0x11d1, { 0xa7, 0xd3, 0x0, 0x0, 0xf8, 0x75, 0x71, 0xe3 } };
const IID my_CLSID_GroupPolicyObject =
{ 0xea502722, 0xa23d, 0x11d1, { 0xa7, 0xd3, 0x0, 0x0, 0xf8, 0x75, 0x71, 0xe3 } };
GUID ext_guid = REGISTRY_EXTENSION_GUID;
// This next one can be any GUID you want
GUID snap_guid = { 0x3d271cfc, 0x2bc6, 0x4ac2, { 0xb6, 0x33, 0x3b, 0xdf, 0xf5, 0xbd, 0xab, 0x2a } };

// Create an instance of the IGroupPolicyObject class
CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
CoCreateInstance(my_CLSID_GroupPolicyObject, NULL, CLSCTX_INPROC_SERVER,
    my_IID_IGroupPolicyObject, (LPVOID*)&pLGPO);

// We need the machine LGPO (if C++, no need to go through the lpVtbl table)
hr = pLGPO->OpenLocalMachineGPO( GPO_OPEN_LOAD_REGISTRY);
hr = pLGPO->GetRegistryKey( GPO_SECTION_MACHINE, &machine_key);
//hr = pLGPO->GetRegistryKey(GPO_SECTION_USER, &machine_key);

// The disable System Restore is a DWORD value of Policies\Microsoft\Windows\DeviceInstall\Settings
LSTATUS sdf = RegCreateKeyEx(machine_key, L"Software\\Policies\\Microsoft\\Windows\\DeviceInstall\\Settings",
    0, NULL, 0, KEY_SET_VALUE | KEY_QUERY_VALUE, NULL, &dsrkey, NULL);

// Create the value
LSTATUS ds = RegSetKeyValue(dsrkey, NULL, KeyValue, REG_DWORD, &KeyData, sizeof(KeyData));
RegCloseKey(dsrkey);

// Apply policy and free resources
//pLGPO->Save( TRUE, TRUE, &ext_guid, &snap_guid);
GUID RegistryId = REGISTRY_EXTENSION_GUID;
GUID ThisAdminToolGuid =
    /*{ CLSID_PolicySnapinUser/* */
{
    0x0F6B957E,
    0x509E,
    0x11D1,
    { 0xA7, 0xCC, 0x00, 0x00, 0xF8, 0x75, 0x71, 0xE3 }
};

LSTATUS rStatus = RegCloseKey(machine_key);
//
// Write the GPO back to the directory
//
hr = pLGPO->Save(
    FALSE,
    TRUE,
    &RegistryId,
    &ThisAdminToolGuid);

RegCloseKey(machine_key);
pLGPO->Release();

Answer 2

I wrote a .NET library to assist with this problem. You can read about it here. It is open and source and you can get code and binaries here. Once you know the registry values that are relevant you can make the necessary changes to them using this library and it will save them into the registry.pol file.

Answer 3

Use the Group Policy Object (CLSID_GroupPolicyObject), sample here.