Recently I have received a support request from a Customer that need to add multiple value to a GPO. Lets dive into the details.
The customer installed a new third party application is his client environment (Windows 10), this application require a specific GPO to be set on all Clients. The vendor of the application gave to the customer a Custom ADMX Template to permit to set this GPO on all clients. The Customer have all DC 2008R2 and the Policy Central Store Enabled.
The Customer installed the Custom ADMX Template, but when he try to configure the GPO from the GPMC console, he would see this window from the settings:
The problem here, is that he need to add more than 700 urls in this setting, and from this window the user can add one url at time. (A HUGE work of Copy and Paste!)
I have reproduced the customer situation in my Lab with the following steps:
I have created a ListBoxGPO in my lab to do some tests:
I have used a similar policy, the "Intranet Zone Restricted Protocols" that have the same type of Window (a ListBox): You can find the details of this policy here.
Then I have used the LGPO tool to read from the Registry.pol of the GPO where this settings are stored in the registry: =======================================================
Computer SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols\1 <= This is the Registry Key used by the ListBox itopstalk.com <= This is the name of the Value SZ:itopstalk.com <= Those are the Type of the value (SZ = String), and Value.
======================================================= This is the view from the RegEdit from the client:
So now, how can I add more than 700 Url in this GPO? The solution is simple but not really common. Starting from 2008R2 ADDS introduce a PowerShell module for managing GPO called "GroupPolicy". In this module there is a cmdlet called Set-GPRegistryValue this type of policy can configure registry-based Policy. With the settings collected from the LGPO I'm able to use this cmdlet to set the 700 Urls: =====================================================
#Read Urls from a file on disk. $Urls = get-Content .\Urls.txt
#Build a loop to add all the Urls to the specified CPO.