Scripting GPO entries

[Stevehewitt]

Hi guys,

We are rolling out Vista to our remote workers (sales), and are taking a unique aproach.... the laptops aren't on the domain. In fact they never connect to the LAN.

We are using a SSL VPN device, where users can access OWA, file upload and download, web browsing via our proxy and finally Citrix.

Part of this is locking down the Vista laptop client so that they can only run particular .exe (whitelisted), and also we are using the new hardware restricition GPO to prevent installs of USB sticks and other hardware other than what we already installed and/or have included in the GPO. (hardware whitelisting)

However, entering in 62 application names correctly across 30 laptops, and then even more complicated 34 device id's and class id's is not only very time consuming - but introduces a large margin for error.

As such, is there any way I can script the entries of just these two GPO's? (We have some other GPO's set too but theres only a few and they are just on or off etc.)

Not too hot at VBScript or WMI but IMHO I'm assuming that it's going to be some scripted reg hack...!

Cheers in advance,



Steve.

"They have the internet on computers now!" - Homer Simpson

 

[linney]

Have you tried the Server Forums?

http://www.tek-tips.com/threadminder.cfm?pid=931

Administrative Templates (.admx) for Windows Vista

http://www.microsoft.com/downloads/...8B-95F9-4BDD-AF36-B365D68EC5F6&displaylang=en

deploying group policy in vista

http://social.technet.microsoft.com/Search/en-au/?Query=deploying group policy in vista

Q310516 HOW TO: Distribute Registry Changes to Computers in Windows XP

http://support.microsoft.com/support/kb/articles/q310/5/16.asp