Créer une stratégie de groupe (GPO) en Powershell

Set-StrictMode -Version 2
 
# load required modules
Import-Module ActiveDirectory
Import-Module GroupPolicy

#define variables
$GPOName       = 'GPO created by PowerShell'
$defaultNC     = ( [ADSI]"LDAP://RootDSE" ).defaultNamingContext.Value
#$TargetOU      = 'OU=Serveurs,' + $defaultNC
$TargetOU      = $defaultNC

#create new GPO shell
$GPO = New-GPO -Name $GPOName

#Pose d'éléments pour modifier des clés de registre par GPO
Set-GPPrefRegistryValue -Name $GPOName -Action Update -Context Computer -Key 'HKCC\Software\Microsoft\Internet Explorer\Main' -Type DWord  -ValueName 'UseSWRender' -Value 1 | out-null
Set-GPPrefRegistryValue -Name $GPOName -Action Update -Context Computer -Key 'HKLM\Software\Citrix\Dazzle' -Type String   -ValueName 'AllowAddStore' -Value 'A' | out-null
Set-GPPrefRegistryValue -Name $GPOName -Action Update -Context Computer -Key 'HKLM\Software\CitrixAuthManager' -Type String   -ValueName 'ConnectionSecurityMode' -Value 'Any' | out-null

#Pose d'éléments pour modifier des paramètres par GPO
Set-GPRegistryValue -Name $GPOName -key "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName AUOptions -Type DWORD -value 2
Set-GPRegistryValue -Name $GPOName -key "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName DetectionFrequency -Type DWORD -value 4
Set-GPRegistryValue -Name $GPOName -key "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" -ValueName DetectionFrequencyEnabled -Type DWORD -value 1

#link the new GPO
New-GPLink -Name $GPOName -Target $TargetOU | out-null

Set-GPRegistryValue -Name $GPOName -key "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" -ValueName ShutdownWithoutLogon -Type DWORD -value 1
Set-GPRegistryValue -Name $GPOName -key "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" -ValueName DisableCAD -Type DWORD -value 1
Set-GPRegistryValue -Name $GPOName -key "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" -ValueName ConsentPromptBehaviorAdmin -Type DWORD -value 0

Set-StrictMode -Version 2
 
# load required modules
Import-Module ActiveDirectory
Import-Module GroupPolicy

#define variables
$GPOName       = 'GPO-FR-Adobe-Parameters'
$defaultNC     = ( [ADSI]"LDAP://RootDSE" ).defaultNamingContext.Value
#$TargetOU      = 'OU=Serveurs,' + $defaultNC
$TargetOU      = $defaultNC

#create new GPO shell
$GPO = New-GPO -Name $GPOName

#Pose d'éléments pour modifier des clés de registre par GPO
Set-GPPrefRegistryValue -Name $GPOName -Action Update -Context User -Key 'HKCU\Software\Adobe\Adobe Acrobat\10.0\3D' -Type DWord  -ValueName 'b3DDontQualiyRenderers' -Value 1 | out-null
Set-GPPrefRegistryValue -Name $GPOName -Action Update -Context User -Key 'HKCU\Software\Adobe\Adobe Acrobat\10.0\3D' -Type String  -ValueName 't3DPreferredRenderer' -Value 'Software' | out-null
Set-GPPrefRegistryValue -Name $GPOName -Action Update -Context User -Key 'HKCU\Software\Adobe\Adobe Acrobat\10.0\Originals' -Type DWord  -ValueName 'bDisplayedSplash' -Value 0 | out-null
Set-GPPrefRegistryValue -Name $GPOName -Action Update -Context User -Key 'HKCU\Software\Adobe\Adobe Acrobat\10.0\Privileged' -Type DWord  -ValueName 'bProtectedMode' -Value 0 | out-null
Set-GPPrefRegistryValue -Name $GPOName -Action Update -Context User -Key 'HKCU\Software\Adobe\Adobe Acrobat\10.0\TrustManager' -Type DWord  -ValueName 'bEnhancedSecurityInBrowser' -Value 0 | out-null
Set-GPPrefRegistryValue -Name $GPOName -Action Update -Context User -Key 'HKCU\Software\Adobe\Adobe Acrobat\10.0\TrustManager' -Type DWord  -ValueName 'bEnhancedSecurityStandalone' -Value 0 | out-null