How can I edit local security policy from a batch file?

Solution 1:

You can use the ntrights utility to edit account privileges.

The user right "SeDenyInteractiveLogonRight" is what you want to edit, likely as part of the computer's logon.

The following command would deny jscott interactive logon:

ntrights -u jscott +r SeDenyInteractiveLogonRight

http://support.microsoft.com/kb/315276

http://ss64.com/nt/ntrights.html

Solution 2:

You could export a template using the GUI.

Make the desired changes on a reference PC, then:

SECPOL.MSC > Actions > Export Policy > secpol.inf

Then use

SECEDIT.exe /IMPORT

Wrap it in your favorite scripting language (Batch, PS, VBScript) and it will overwrite the current policy.

The only concern would be if there are issues with overwriting the current policy.

I've never done it with security policy, but have before with power profiles, and the process looks almost identical, similar to the NET.exe command.
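
The export-and-apply procedure from Solution 2 as a batch script, with a backup taken first to address the overwrite concern. This is an added example, not code from the original answer; it assumes secpol.inf sits next to the script, and the backup, database and log file names are placeholders.

```batch
@echo off
rem Added example, not from the original answer. Run from an elevated prompt.
rem Assumption: secpol.inf (exported on the reference PC) is in this folder.
rem backup.inf, apply.sdb and apply.log are placeholder names.
setlocal
set "WORK=%~dp0"
set "TEMPLATE=%WORK%secpol.inf"
set "BACKUP=%WORK%backup.inf"
set "DB=%WORK%apply.sdb"
set "LOG=%WORK%apply.log"

if not exist "%TEMPLATE%" (
    echo secpol.inf was not found next to this script.
    exit /b 1
)

rem 1. Export the current local policy so the change can be rolled back.
secedit /export /cfg "%BACKUP%" /quiet
if errorlevel 1 (
    echo Backup failed, nothing was changed.
    exit /b 1
)

rem 2. Check the template syntax before touching the machine.
secedit /validate "%TEMPLATE%"
if errorlevel 1 (
    echo Template failed validation, nothing was changed.
    exit /b 1
)

rem 3. Apply the template. /import alone only loads it into a database;
rem    /configure is the switch that applies it to the system.
rem    /areas limits what is overwritten: USER_RIGHTS covers privileges such
rem    as SeDenyInteractiveLogonRight, SECURITYPOLICY covers account, audit
rem    and security-option settings.
secedit /configure /db "%DB%" /cfg "%TEMPLATE%" /areas USER_RIGHTS /log "%LOG%" /quiet
if errorlevel 1 (
    echo Configure reported errors or warnings, see apply.log.
    echo To roll back, run secedit /configure with /cfg pointing at backup.inf.
    exit /b 1
)

echo Policy applied. The previous policy was saved as backup.inf.
endlocal
```

Change the /areas value to match the settings you edited on the reference PC; omitting /areas applies every area in the template.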


Solution 3:

I looked for so long too. I figured out the answer!

To check the current state:

auditpol /get /subcategory:"Process Creation"

This next line will make the change. It will set the process creation to Enabled.

auditpol /set /subcategory:"Process Creation"

Check the state again and you'll see the change.

Alternatively, you could change all of the "detail tracking" policies, as "process creation" is a subcategory of "detail tracking". Like this:

auditpol /set /category:"Detailed Tracking"