Is there a way to create group of users with group policy apllied to them via Powershell/CMD? My machine is not joined to a domain. I want to prepare a script which I will use multiple times on other local computers/ machines to recreate group policy. I want e.g restrict user access to Control Panel, Internet Access and stuff like that.
Thanks from advance for answers
For computers not joined to the domain, you can't use Group Policy. You will need to use Local Policy. Many of the items that you are looking for will simply be registry value that you can easily set with a PowerShell script. For example the policy for Hiding Fast User Switching toggles can be toggled like this:
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name HideFastUserSwitching -Value 0
You can look up where the values are by reading the .admx templates
Alternatively you could use David Wyatt's PowerShell module to read and modify policy files.
Finally the last option would be create the policy on one computer and then overwrite the .pol files on all the computers and then gpupdate /force. This of course could be scripted with PowerShell.
Copy-Item \\ExampleComputer1\C$\Windows\System32\GroupPolicy\Machine\Registry.pol \\ExampleComputer2\C$\Windows\System32\GroupPolicy\Machine\Registry.pol -Force
Copy-Item \\ExampleComputer1\C$\Windows\System32\GroupPolicy\User\Registry.pol \\ExampleComputer2\C$\Windows\System32\GroupPolicy\User\Registry.pol -Force
Security Templates would have to be exported from the Security Templates mmc snapin and then imported on the other computers with secedit
secedit /configure /db %temp%\temp.sdb /cfg yourcreated.inf