Tough Questions Answered: How to add multiple values to a GPO with a listbox.

Recently I have received a support request from a Customer that need to add multiple value to a GPO. Lets dive into the details.

ENVIRONMENT

The customer installed a new third party application is his client environment (Windows 10), this application require a specific GPO to be set on all Clients. The vendor of the application gave to the customer a Custom ADMX Template to permit to set this GPO on all clients. The Customer have all DC 2008R2 and the Policy Central Store Enabled.

THE PROBLEM

The Customer installed the Custom ADMX Template, but when he try to configure the GPO from the GPMC console, he would see this window from the settings:

The problem here, is that he need to add more than 700 urls in this setting, and from this window the user can add one url at time. (A HUGE work of Copy and Paste!)

SOLUTION

I have reproduced the customer situation in my Lab with the following steps:

1. I have created a ListBoxGPO in my lab to do some tests:
   
   
   
2. I have used a similar policy, the "Intranet Zone Restricted Protocols" that have the same type of Window (a ListBox):
   
   You can find the details of this policy here.
   
   
3. Then I have used the LGPO tool to read from the Registry.pol of the GPO where this settings are stored in the registry:
   =======================================================
   LGPO.exe /parse /m "\\lab.com\SYSVOL\lab.com\Policies\{719264A1-F33B-485C-828F-4B00589272B5}\Machine\Registry.pol"
   ; ----------------------------------------------------------------------
   ; PARSING Computer POLICY
   ; Source file:  \\lab.com\SYSVOL\lab.com\Policies\{719264A1-F33B-485C-828F-4B00589272B5}\Machine\Registry.pol
   Computer
   SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols
   ListBox_Support_1
   DWORD:1
   Computer
   SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1 <= This is the Registry Key used by the ListBox
   itopstalk.com  <= This is the name of the Value
   SZ:itopstalk.com  <= Those are the Type of the value (SZ = String), and Value.
   ; PARSING COMPLETED.
   ; ----------------------------------------------------------------------
   
   =======================================================
   This is the view from the RegEdit from the client:
   
   
   
4. So now, how can I add more than 700 Url in this GPO?
   The solution is simple but not really common. Starting from 2008R2 ADDS introduce a PowerShell module for managing GPO called "GroupPolicy". In this module there is a cmdlet called Set-GPRegistryValue this type of policy can configure registry-based Policy.
   With the settings collected from the LGPO I'm able to use this cmdlet to set the 700 Urls:
   =====================================================
   
   #Read Urls from a file on disk.
   $Urls = get-Content .\Urls.txt
   
   #Build a loop to add all the Urls to the specified CPO.
   
   foreach ($Url in $Urls)
   {
       Set-GPRegistryValue -Name ListBoxGPO -ValueName $Url -Type String -Value $Url -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1"    
   }
   
   =====================================================
   
   
5. Verify correct execution of the script by editing the GPO from the GPMC and check the content of the Listbox:
   
   
   
6. Verify if the registry key of the client, have the correct registry value applied by the GPO:
   
   
7. Mission Complete! :)