enabling local group policy through script - batch-file

We are experiencing some problems when signing in to Onedrive, we found a fix with a policy. Now I want to make a script to deploy it to other customers.
I tried adding a key to te registry to enable te policy:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002" /v Functions /t REG_SZ /d TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA,TLS_PSK_WITH_AES_256_GCM_SHA384,TLS_PSK_WITH_AES_128_GCM_SHA256,TLS_PSK_WITH_AES_256_CBC_SHA384,TLS_PSK_WITH_AES_128_CBC_SHA256,TLS_PSK_WITH_NULL_SHA384,TLS_PSK_WITH_NULL_SHA256
However, when I run this script, it doesn't enable the policy in gpedit.msc.
Am I doing something wrong?

Related

Batch file Proxy Setting Disable not working Win 10

The following line of script from a Batch file works fine in Win 7 and successfully disables the proxy setting in IE, but when i have tried it on Win 10 it dosnt work the proxy setting in unaffected, any ideas why?
UAC is auto elevated as per UAC so admin privileges is not an issue.
i have checked with regedit and the HKCU directory seems to be the same path on both.
echo LAN Settings - Proxy Setting *Disable*
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ^ /v ProxyEnable /t REG_DWORD /d 0 /f
IE > Internet Options > Connections > LAN Settings

In batch script silent installation using Reboot=reallysuppress is not updating the files

I am using batch Script for silent Installation to update the locked and in use files.Using silent installation reboots my system automatically after the update.But I wanna setup a custom reboot message box , So I used the REBOOT=ReallySuppress attribute. And I used a message box to popup the custom reboot message. This helps me avoid the auto-reboot of the system but it is not updating the files even after performing a manual reboot.
Here is the script that I am using.
#echo off
title Installing Updates
msiexec /i "C:\Users\tparvathaneni\Documents\Visual Studio 2015\Projects\SetupProject1\SetupProject1\bin\Debug\SetupProject1.msi" /qn /REBOOT=ReallySuppress
echo updates installed
echo msgbox "Restart your system to complete the installation." > "%temp%\popup.vbs"
wscript.exe "%temp%\popup.vbs"
pause >NUL
shutdown.exe /r /t 000
Can someone give me a solution to get the files updated with manual reboot.
did you try instead of /REBOOT=ReallySuppress the /norestart option?
Please also make a log file in the install cammand via /l option. Then read the log if really the installer reboots the computer.

installing windows service from command line "The specified service has been marked for deletion"

I am trying to create a batch file to automate uninstalling, building and reinstalling a windows service.
After uninstalling when I try to reinstall I get the error: The specified service has been marked for deletion.
here is the batch script:
#ECHO off
set filePath=<myfilepath>
set serviceName=<myservicename>
sc query %serviceName% > nul
if %ERRORLEVEL% EQU 0 net stop %serviceName% & sc delete %serviceName%
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe C:\Users\Christopher\Desktop\TFS\MOC\LaneUpdateService\LaneUpdateService.sln /property:Configuration=Debug
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\installutil.exe %filePath%
sc start %serviceName%
I do not have task manager, services or event viewer open, there are no other users logged in. I have tried deleting the reg key for my service, with no luck. If I run my script again after it failing it will install correctly. Is there a way to manually make sure the service is fully deleted?
The problem was that after stopping my service there was still a process running. I altered my onstop method to make sure all processes were stopped correctly. now the batch file works correctly. As #Harry Johnston suggested I will be adding a while loop to the batch file.

winrs reg query works but reg query hostname does not

I am trying to verify that the usbstor driver is set to disabled on a remote machine in my domain in a vbscript but I'm having issues. I've turned to troubleshooting from the command line.
Using plain old reg query fails.
reg query \\hostname\hklm\system\currentcontrolset\services\usbstor /v start
ERROR: The network path was not found.
But if I run essentially the same command with winrs, it works fine.
winrs -r:hostname reg query hklm\system\currentcontrolset\services\usbstor /v start
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\usbstor
start REG_DWORD 0x4
Both commands work fine on other computers. What gives with this one?
Regardless of the computer I'm running the commands against, I open the firewall with this command:
winrs -r:hostname netsh advfirewall firewall set rule
group="Windows Management Instrumentation (WMI)" new enable=yes
The service RemoteRegistry is not running (or not accessible) on the remote host. You should be able to start it like this:
sc \\hostname config RemoteRegistry start= auto
sc \\hostname start RemoteRegistry
If the service is running but still not accessible, check that the Windows Firewall allows RPC.

Batch script does not execute properly when launched automatically

I've an issue that seems a privilege issue but i really do not understand what is happening.
This is my installation script :
...some command...
C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil C:\Programmi\ProgDir\ProgService.exe >> log.txt
ping 127.0.0.1 -n 5 > null
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f
ping 127.0.0.1 -n 2 > null
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d C:\Programmi\ProgDir\ProgName.exe /f
I try this script using installation wizard (created by winrar) and manually , in both cases i give to the script admin privilege; to prove this the service is installed successfully (it require administration privilege, so the script has these privileges as expected) but the registry is not affected if the script is launched by the wizard.
Can anybody explain to me what is happening ?
Thanks in advance (and sorry for my poor english)

Resources