Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible to use with PDQ Deploy? #5

Closed
gitty8 opened this issue Nov 4, 2017 · 3 comments
Closed

Possible to use with PDQ Deploy? #5

gitty8 opened this issue Nov 4, 2017 · 3 comments
Labels
question A question about Policy Plus itself

Comments

@gitty8
Copy link

gitty8 commented Nov 4, 2017

Have someone experience to use this with PDQ Deploy / Inventory to edit GPOs for local machines on network or domain ?
@Fleex255 Fleex255 added the question A question about Policy Plus itself label Nov 4, 2017
@Fleex255
Copy link
Owner

I did a little reading on PDQ Deploy (since I was previously unfamiliar with it) and it looks like you could use it to replace local GPOs by creating a custom package with a file copy followed by a bit of PowerShell to invoke policy refresh. Unfortunately, per this documentation page it appears that a paid version of PDQ Deploy is necessary for those step types. I'm therefore unable to test any methods, but if you have a fancy version, I'd be happy to work with you to figure out a solution.

@gitty8
Copy link
Author

gitty8 commented Nov 26, 2017

https://www.pdq.com/try/
14 days trial is possible?

@Fleex255
Copy link
Owner

Sorry for the long wait! I finally got an environment set up where I can test this, and I managed to get something working. To create the policy settings you want to deploy, use File | Open Policy Resources to create a POL file for both the computer and user sources. I called them comp.pol and user.pol respectively. Once you have those opened, set your policy settings as normal. After you've saved, copy the POL files and Policy Plus.exe to a new folder.

In PDQ Deploy, create a new package. Set its "run as" option to Local System. Add a File Copy step, with the POL-and-EXE-containing folder as the source and $(Repository) as the destination. In the File Patterns box, put *.pol and *.exe. (This will keep any loose CMTX files out of the way if you ever want to edit the POLs right from the deployment folder.) Add a PowerShell step with this script:

$repo = [System.Environment]::ExpandEnvironmentVariables("$(Repository)")
[System.Reflection.Assembly]::LoadFile("$repo\Policy Plus.exe")
$compLoader = New-Object PolicyPlus.PolicyLoader ('LocalGpo', '', $false)
$compSrc = $compLoader.OpenSource()
$compPol = [PolicyPlus.PolFile]::Load("$repo\comp.pol")
$compPol.Apply($compSrc)
$compLoader.Save()
$compLoader.Close()
$userLoader = New-Object PolicyPlus.PolicyLoader ('LocalGpo', '', $true)
$userSrc = $userLoader.OpenSource()
$userPol = [PolicyPlus.PolFile]::Load("$repo\user.pol")
$userPol.Apply($userSrc)
$userLoader.Save()
$userLoader.Close()
gpupdate

This script applies the deployed POL files onto the computer's local GPO. If you're only interested in one section, remove the code specific to the other. There is then no need to deploy the POL for the section you don't want.

Note that if you configure a policy, deploy, then unconfigure the policy, the configuration will probably stick. If that's a problem, or if this setup doesn't do what you're after, please let me know.

@Fleex255 Fleex255 closed this as completed Jul 6, 2018
@Fleex255 Fleex255 mentioned this issue May 22, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question A question about Policy Plus itself
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Fleex255 @gitty8