Hi everyone I am currently using Ansible to control multiple Windows Server machines to export their registry.pol under the machine folder of group policy and convert it to .txt using LGPO.exe before sending it to my Ansible Server. The Ansible Server
will then read line by line and change the registry.txt file according to the CIS standards. After changing the registry.txt the Ansible Server will then send the registry.txt to each Windows Server machines and call out the LGPO.exe to convert these .txt
files back into registry.pol and use "gpupdate /force". I have test 2 settings and I have noticed that the registry keys will be updated. However I notice that doing this messes up the registry.pol in a sense that in the future whenever I would like
to use the Group Policy Editor to edit the changes, it would update the registry keys but the registry.pol would not store the settings. May I know if there is any issue with my idea? So far it has been working except for this issue on my automation somehow
bricking the GUI.
↧