[Powershell] change a local security policy

WillLTT
Solved by TheRealShadoh

I'm alright at batch, but not PowerShell.

I'm trying to make a PowerShell script that changes the:

set interactive: do not display last username

local security policy to true.

I found this Stack Overflow question

but I don't know how to use it


Modified from the stackoverflow answer you've provided:

secedit /export /cfg c:\secpol.cfg
  
(gc C:\secpol.cfg).replace("DontDisplayLastUserName=4,0", "DontDisplayLastUserName=4,1") | Out-File C:\secpol.cfg
  
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY
  
rm -force c:\secpol.cfg -confirm:$false

1. Export the system security configuration to C:\secpol.cfg

2. Get the content of this file and make string replacement to enable your desired policy

3. Update the local security policy with the updated configuration

4. Delete the exported config file

 

While this approach will work as is, you may want to consider Conrad's comment. If you're going to be doing anything more with security policy, you might want to consider this answer, or finding something similar (perhaps PolicyFileEditor?).


If this is on a domain system, use a GPO, but an easy solution is to just change the registry of the box.

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -name "dontdisplaylastusername" -value 1

If it's more than just your box you're hitting...

try
{
    # Capture the current value so the change can be reviewed afterwards
    $existingValue = Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -name "dontdisplaylastusername"
    # 1 = do not display the last user name (the setting asked for in the question)
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -name "dontdisplaylastusername" -value 1
    # Read the value back to confirm the change took effect
    $newValue = Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -name "dontdisplaylastusername"
}
catch
{
    throw
}
Write-Output "Was: $($existingValue)"
Write-Output "Is: $($newValue)"

Do some logging and output stuff to something you can review.

Use a loop if you have a bunch of things to change in registry.

foreach($object in $list)
{
    # change one registry value per item here
}

 

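The was/is check, logging and loop suggested in the answer above, combined into one script as an added example (not code from the thread). The function name, the $settings list and the CSV log path are assumptions, and it must run from an elevated PowerShell session:

```powershell
# Added example, not from the thread. Set-RegistryPolicyValue, $settings and
# the log path are hypothetical names chosen for illustration.
function Set-RegistryPolicyValue {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [int]    $Value
    )

    # Get-ItemProperty returns nothing when the value (or key) is absent,
    # so a missing setting is recorded as $null instead of raising an error.
    $item   = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $before = if ($item) { $item.$Name } else { $null }

    # Only write when the value differs; -WhatIf previews without changing anything.
    if ($before -ne $Value -and $PSCmdlet.ShouldProcess("$Path\$Name", "Set to $Value")) {
        if (-not (Test-Path -Path $Path)) { New-Item -Path $Path -Force | Out-Null }
        # -Force creates or overwrites the value; -PropertyType pins it to REG_DWORD.
        New-ItemProperty -Path $Path -Name $Name -Value $Value `
            -PropertyType DWord -Force -ErrorAction Stop | Out-Null
    }

    # Read the value back so the log shows what is actually in the registry.
    $after = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Time      = (Get-Date).ToString('s')
        Path      = $Path
        Name      = $Name
        Was       = $before
        Is        = $after
        Compliant = ($after -eq $Value)
    }
}

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$settings  = @(
    # Add further hashtables here to change more values in one run.
    @{ Path = $policyKey; Name = 'dontdisplaylastusername'; Value = 1 }
)

# Apply each setting, keep a reviewable record, and show it on screen.
$results = foreach ($s in $settings) { Set-RegistryPolicyValue @s }
$results | Export-Csv -Path "$env:TEMP\policy-changes.csv" -NoTypeInformation -Append
$results | Format-Table -AutoSize
```

A row with Compliant set to False after a real run means the write did not stick, which on a domain-joined machine usually points at a GPO reapplying its own value.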
