How to get/set/update registry value through group policy cmdlet of Windows PowerShell?

Saher Ahwal · Jun 8, 2012 · Viewed 8.3k times

I have configured EventForwarding manually, but I was wondering if I could do it programmatically, and I came across the Group Policy cmdlets, which seem to be the solution. Here is what I am trying to configure manually in the image below.

Event Forwarding Policy Config

When I run the Get-GPO -all cmdlet I don't see any GPOs related to Event Forwarding. However when I ran the Get-GPResultantSetOfPolicy with the specified path of an XML file, I got to see my configuration of the Subscription manager of the Event Forwarding.

Question 1: Why isn't the event forwarding policy shown in Get-GPO -all result?

Question 2: How to find out the GUID of the policy I need so I can use Get-GPRegistryValue, besides providing the Key (which I was able to find and verify that it has the configuration that I did through the gpedit.msc UI)?

Question 3: How to figure out the display name of the policy in question? I tried the following:

PS C:\Windows\PolicyDefinitions> Get-GPRegistryValue -Name SubscriptionManager -Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager

For the Name attribute I tried different things, like "EventForwarding", "EventForward", "SubscriptionManager" and even "Configure target Subscription Manager". And here is what I got:

Get-GPRegistryValue : The command cannot be completed because a GPO that is named "SubscriptionManager" was not found
in the nfstest.stbtest.microsoft.com domain. Make sure that the GPO that is specified by the Name parameter exists in
the domain that is specified for the cmdlet. Then, run the command again.
Parameter name: Name
At line:1 char:1
+ Get-GPRegistryValue -Name SubscriptionManager -Key HKEY_LOCAL_MACHINE\SOFTWARE\P ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Microsoft.Group...tryValueCommand:GetGPRegistryValueCommand) [Get-GPReg
   istryValue], ArgumentException
    + FullyQualifiedErrorId : GpoWithNameNotFound,Microsoft.GroupPolicy.Commands.GetGPRegistryValueCommand

Any help regarding any of the three related questions would be appreciated.

EDIT 1:

As you can see in the image below, when I manually configure the target subscription manager, I get the key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager in the registry. My question for now is simple: how can I do that with cmdlets? Everything I have tried so far didn't create that key for me in the registry, NOT the AD.

Thanks

Answer

JPBlanc · Jun 8, 2012

Sorry, I'm not sure I understand what you are doing. Here is a full example:

PS C:\silogix> Import-Module grouppolicy
PS C:\silogix> New-GPO -Name "MyGPO" | New-GPLink -target "OU=SousMonou,OU=MonOu,DC=dom,DC=fr" `
                       -linkenabled yes


GpoId       : f31df409-ca35-47cd-b699-52426e2bd196
DisplayName : MyGPO
Enabled     : True
Enforced    : False
Target      : OU=SousMonou,OU=MonOu,DC=dom,DC=fr
Order       : 1



PS C:\silogix> get-gpo -all


DisplayName      : Default Domain Policy
DomainName       : dom.fr
Owner            : DOM\Admins du domaine
Id               : 31b2f340-016d-11d2-945f-00c04fb984f9
GpoStatus        : AllSettingsEnabled
Description      :
CreationTime     : 16/09/2010 21:07:03
ModificationTime : 09/09/2011 21:04:06
UserVersion      : AD Version: 0, SysVol Version: 0
ComputerVersion  : AD Version: 11, SysVol Version: 11
WmiFilter        :

DisplayName      : Default Domain Controllers Policy
DomainName       : dom.fr
Owner            : DOM\Admins du domaine
Id               : 6ac1786c-016f-11d2-945f-00c04fb984f9
GpoStatus        : AllSettingsEnabled
Description      :
CreationTime     : 16/09/2010 21:07:03
ModificationTime : 06/06/2012 17:58:00
UserVersion      : AD Version: 0, SysVol Version: 0
ComputerVersion  : AD Version: 4, SysVol Version: 4
WmiFilter        :

DisplayName      : MyGPO
DomainName       : dom.fr
Owner            : DOM\Admins du domaine
Id               : f31df409-ca35-47cd-b699-52426e2bd196
GpoStatus        : AllSettingsEnabled
Description      :
CreationTime     : 08/06/2012 07:04:16
ModificationTime : 08/06/2012 07:04:16
UserVersion      : AD Version: 0, SysVol Version: 0
ComputerVersion  : AD Version: 0, SysVol Version: 0

PS C:\silogix> Set-GPRegistryValue -Name "MyGPO" -Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager -ValueName "1" -value "Server=https://EVTCPT:5986/wsman/SubscriptionManager/WEC" -type String

PS C:\silogix> Get-GPRegistryValue -name "MyGPO" -Key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager"


KeyPath     : SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager
FullKeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager
Hive        : LocalMachine
PolicyState : Set
Value       : Server=https://EVTCPT:5986/wsman/SubscriptionManager/WEC
Type        : String
ValueName   : 1
HasValue    : True

So you can see it in GPMC.MSC.
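
The check a defender would run after the steps in the answer above, as an added example that is not part of the original answer: it compares the subscription manager stored in the domain GPO with the value the local machine has actually applied, and can write the expected value into the GPO when it differs. The GPO name, key, value name and server string are taken from the answer; the function names and the `-Enforce` switch are hypothetical, and the GPO is assumed to exist already.

```powershell
# Added example: audit (and optionally enforce) the WEF target set in the answer.
Import-Module GroupPolicy

$Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
$ValueName = '1'   # value name shown in the Get-GPRegistryValue output above

function Get-GpoSubscriptionManager {
    param([Parameter(Mandatory)][string]$GpoName)
    try {
        $v = Get-GPRegistryValue -Name $GpoName -Key $Key -ValueName $ValueName -ErrorAction Stop
        # Strip any trailing NUL so the string comparison is exact
        ([string]$v.Value).TrimEnd([char]0)
    } catch {
        $null   # GPO not found, or the setting is not configured in it
    }
}

function Get-AppliedSubscriptionManager {
    # Reads the policy key on this machine. It holds the effective setting,
    # whether it came from a domain GPO or from local policy edited in
    # gpedit.msc (local policy is not a domain GPO, so Get-GPO -All does not list it).
    $item = Get-ItemProperty -Path "Registry::$Key" -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { [string]$item.$ValueName } else { $null }
}

function Test-WefTarget {
    param(
        [Parameter(Mandatory)][string]$GpoName,
        [Parameter(Mandatory)][string]$Expected,
        [switch]$Enforce   # write the expected value into the GPO when it differs
    )
    $inGpo = Get-GpoSubscriptionManager -GpoName $GpoName
    if ($Enforce -and $inGpo -ne $Expected) {
        Set-GPRegistryValue -Name $GpoName -Key $Key -ValueName $ValueName `
            -Type String -Value $Expected | Out-Null
        $inGpo = Get-GpoSubscriptionManager -GpoName $GpoName
    }
    $applied = Get-AppliedSubscriptionManager
    [pscustomobject]@{
        GpoName        = $GpoName
        GpoValue       = $inGpo
        AppliedValue   = $applied
        GpoMatches     = ($inGpo -eq $Expected)
        AppliedMatches = ($applied -eq $Expected)
    }
}

Test-WefTarget -GpoName 'MyGPO' -Expected 'Server=https://EVTCPT:5986/wsman/SubscriptionManager/WEC'
```

AppliedValue reflects the GPO only on a machine the GPO is linked to, and only after that machine has refreshed policy.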