Ranjan, I see that you have answered Alan, but unfortunately mails from you are being stripped as (false positive) exploits by our anti-spam, so I can only see messages where someone has replied, perhaps you have something in your signature or something that triggers it or we just have a crappy anti-spam system ;) Anyway, I really agree with Alan, is there a reason why you cannot go for a domain instead, managing workgroups are not really a cost effective solution. But if you still want to manually edit remote local GPOs (one at a time) you can do it this way with GPOE: gpedit.msc /gpcomputer: mycomputer.mydomain.local But if you really want to perform stuff in a more automated way, you’ll need to use IGroupPolicyObject::OpenRemoteMachineGP() from a language that supports COM vtables, i.e not scripts and VB6, and do not bother doing it from a Vista box, since it has been removed and replaced with the undocumented IGroupPolicyObject2 to support multiple local GPOs. And when you have opened the GPO, you can edit the registry policy, but besides that, the rest of the GP extensions are pretty much a black boxes. So after saying that, you should really go for Alan’s suggestion and either create a script that you can run somehow, or even better add the computers to a domain. You’ll definitively benefit from it in the long run :) HTH, Thorbjörn Sjövold Special Operations Software www.specopssoft.com <http://www.specopssoft.com> thorbjorn.sjovold a t specopssoft.com Download our free tool for remote Gpupdate with graphical reporting, http://www.specopssoft.com/products/specopsgpupdate/ <http://www.specopssoft.com/products/specopsgpupdate/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Alan & Margaret Sent: den 3 maj 2007 00:59 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: How to Apply Policy for system in workgroup or standalone Hi Ranjan, Sorry... I don't think I can be a lot of help. As I have said, I haven't had much experience in a non domain environment and not much script work either. I tend to do everything in VB6. As to running Local Policy remotely, I don't think you can. You may need to open a terminal session on the machine and then run it from there. If you have scripted the Registry key settings for the machine, you can try running it from the start up directory (assuming the users have sufficient authority and you trust them not to delete it), otherwise you will have to get it to run from Local Group Policy, either by manually adding it on each machine or scripting up the process. Be aware that if you do it via a script, any changes will require a reboot of the machine. If you were using normal Group policy on a domain, and implemented it via Admin templates you can get it to refresh regularly. I would question why you don't just make your life a lot simpler by creating a domain controller and using that rather than a work group. Your machine maintenance and User maintenance suddenly becomes a lot easier. I suspect it would be less work than trying to get local policies doing it for you. Alan Cuthbertson Policy Management Software:- http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml ADM Template Editor:- http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml Policy Log Reporter(Free) http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Ranjan Babu .G Sent: Tuesday, 1 May 2007 4:03 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: How to Apply Policy for system in workgroup or standalone Hi Alan Cuthbertson, Very useful. Is there is any way to open Local policy of remote system ( 2000 ,2003 servers)in workgroup .In the senior if I have common admin username /password across the workgroup ?.Same way how to take report of all system in WG If you have any script for this please help. * Do you want to do different things on different machines? Yes, We have different application (Application ,SQL ,IIS Servers) running on 2000 and 2003 environment * Can you easily visit each machine Hope ,But nearly 50 can not. We can not reboot the system most of time. * How much effort are you willing to put in up front Ready to put effort .If you guide me I can do it fast. As of now I created script to adding registry keys and setting security based on CIS recommendation for system context. Regards, Ranjan gptalk] Re: How to Apply Policy for system in workgroup or standalone * From: "Alan & Margaret" <syspro@xxxxxxxxxxxxxxxx> * To: <gptalk@xxxxxxxxxxxxx> * Date: Mon, 30 Apr 2007 22:28:52 +1000 Hi Ranjan, It’s a long time since I have worked in a non-domain area, but I suspect the answer depends on several things such as:- * Do you trust the user to not try and circumvent what you are doing * Do you want to do different things on different machines * Can you easily visit each machine * How much effort are you willing to put in up front Probably the easiest way is to write a script that runs from the startup folder. However, if you want to go beyond just adding registry keys and setting security, using Local Group Policy may be the go, but it is rather tedious manually running Local Group Policy on each machines. You can write code to configure Local Group Policy, but that is a lot of up front work. You mention ADM files. They are really a component within Local Group Policy and so are not really relevant. If you are setting security, you may need to run it in the Machine context rather than the user context. This means that you need to run the script at machine start time not logon time. This can be done from Local Group Policy, but requires some programming work unless you manually set it up on each machine. Hope that helps… Alan Cuthbertson -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Ranjan Babu .G Sent: Monday, 30 April 2007 3:25 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] How to Apply Policy for system in workgroup or standalone Hello Everyone , Our Client having 100 + server in workgroup (Mixed OS 2000 and 2003 Servers) and would like to apply policy (As per CIS benchmark )using any method .And also need to add additional registry entry and secure the permission for registry key. I want know in which is best method to apply poliocy ? . Using Script/ Local POlicy editor/ADM file ? And how to proceed and looking forward to hearing from you. Type of servers in workgroup. 1.Applictaion Server 2.Web Server 3.SQL DB server Regards, Ranjan آ칻&~&ZF݊x‑)d-zX "˛m^Jy_]9 x"-ybyi[1]!~b֫yڊV歆i߭祊l܆+)d