This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
User rights assignment in Group Policy Object using powershell?
Not able to grant user rights assignment in group policy object using PowerShell Is there any way or command to add user rights in group policy?
Manual steps:
- Open Group Policy Management
- Navigate to the following path in the Group Policy Object
- Select Policy
- Right click & Edit: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.
- Add/remove the necessary users.
Active Directory A set of directory-based technologies included in Windows Server. 6,658 questions Sign in to follow Follow
Windows Server PowerShell Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications. PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language. 5,561 questions Sign in to follow Follow
I realise this post is quite old, but there is a post that talks about a way you could do this by building up a GPO, the same way the export/import GPO works in Powershell: https://jigsolving.com/gpo-deep-dive-part-1/ Within that article, there's a bare bones example of this on Github: https://github.com/Jigsolving/powershell/blob/main/User%20Rights%20Assignment%20GPO/create-customURAGPO.ps1
It definitely works, and this is just one way it can be done. The article focuses on basically building up the raw bones of a GPO that resembles what an exported GPO looks like, and then imports it.
Give this a try.
https://learn-powershell.net/2015/06/03/managing-privileges-using-poshprivilege
Thanks @MotoX80 for sharing this module Tried this module but it didn't work as per my expectations I am looking to add user rights in group policy in group policy management of domain controller but this module gives user rights in local policy. If you have another module or command please share I also tried Set-GPPermission but it is giving user permission to edit settings, delete, modify security.
I no longer have access to an AD environment, so I am not able to test. Perhaps another forum user can provide assistance.
Have you seen this page?
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759177(v=ws.11)?redirectedfrom=MSDN
https://www.ntweekly.com/2020/08/07/configure-a-group-policy-with-powershell/
Yes, already seen these pages And as per https://www.microsoft.com/en-au/download/details.aspx?id=25250 this link/sheet user rights assignment don't have registry keys.
Random thoughts from a retired sysadmin....
Well it has to be stored somewhere on the DC.
https://techgenix.com/group-policy-settings-part1/
Make a change to one policy and then search the sysvol folder and see if you can find the file that contains your update. If that's a text based file (not in binary format) then you might be able to update the policy just like you would update the content of any other text file.
I assume that you have already done the "Import-Module GroupPolicy" and searched for "GP" related commands as that page described. If you haven't, then you should start there.
Hi @ArpitShivhare-6858
I've had to do something similar in the past with automatic GPO generation, and the below was the only way I could find to do so. It basically creates the GPO manually, but it should work for your purposes
To add additional fields or users to the Local User Rights Assignments, I would recommend creating the GPO manually, then taking a look at the GptTmpl.inf file to see what format, values and syntax of the fields required. From my testing it uses SIDs, not the SamAccountName value, so you will have to pull the SID for each user that you need to add
Your answer
IMAGES
VIDEO