Modificare Windows Firewall via GPO
A volte è necessario gestire un servizio via GPO.
Nello specifico questo script evidenzia come gestire il servizio windows firewall usando le GPO di AD.
Questa è la configurazione da usare.
; Replace Fierewall Start mode
; Start = 4 (disable), 3 (manual), 2(automatic), 1 (system), 0 (boot)
Class Machine
CATEGORY “Hardware Control”
POLICY “Enable firewall seervices”
KEYNAME “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess”
PART “HW: Windows Firewall” Checkbox
VALUENAME “Start”
VALUEON NUMERIC 4 VALUEOFF “3?
END PART
END POLICY
END CATEGORY
http://www.windowsreference.com/windows-2000/how-to-disable-a-service-or-device-drivers-using-group-policies/
Group Policies are used to apply system and security policies for the client PCs in a Windows Active Directory based Domains. While Group Policies is vast in itself to explain, here is a simple procedure on how to enable/disable a service or a Device driver using Group Policies.
The registry keys that the Group Policy targets to disable the service or the drivers is here
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
All the device drivers, services & applications can be found here. I’m disabling my Audio device driver for example in this case.
The Audio driver in my PC is aeaudio.sys and the registry key is
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aeaudio]
In the right-pane, there is a DWORD entry “Start”
The possible values are
“4″ – Disable
“3″ – Manual
“2″ – Automatic
“1″ – System
“0″ – boot
The value “4″ disables the driver. Set the value of the DWORD to “4″ to disable the driver.
Ok. Now, how we do it to multiple client PCs using Group Policies.
Create a new Administrative Template (say sound_dis.adm) with the following
; Replace aeaudio with actual driverkey or service in Registry
; Start = 4 (disable), 3 (manual), 2(automatic), 1 (system), 0 (boot)
Class Machine
CATEGORY “Hardware Control”
POLICY “Disable Soundcard”
KEYNAME “SYSTEM\CurrentControlSet\Services\aeaudio”
PART “HW: Analog Devices (Soundmax)” Checkbox
VALUENAME “Start”
VALUEON NUMERIC 4 VALUEOFF “3″
END PART
END POLICY
END CATEGORY
Once done, import the template in GP snap-in and apply to the group of PCs. The next GP update will disable the registry key on the PCs. Test to see there is no more sound from the system.
Iscriviti a:
Commenti sul post (Atom)
Nessun commento:
Posta un commento
Lascia qui il tuo commento.