PowerShell – Adding Registry Keys for Group Policy


I created this for configuring Group Policy (GP) settings with PowerShell in Intune. Pass the relevant GP registry settings to Add-RegPolicy, then: test locally, upload to Intune > Device configuration > PowerShell scripts, and assign a group.

# MrNetTek
# eddiejackson.net/blog
# 1/2/2020
# free for public use 
# free to claim as your own

Function Add-RegPolicy($hive,$path,$type,$name,$data)
{
    # Errors are suppressed for the rest of the function
    $ErrorActionPreference = 'SilentlyContinue'

    $regPath = "$hive`:\$path"
    if (-not (Test-Path -Path $regPath))
    {
        # Create Path (-Force also creates missing parent keys)
        New-Item -Path $regPath -Force | Out-Null
    }

    # Remove Reg Key
    Remove-ItemProperty -Path $regPath -Name $name -Force | Out-Null

    if ($type -eq 'BINARY')
    {
        # Required for Binary: "a6,d8,ff" -> 0xa6,0xd8,0xff
        $hex = $data.Split(',') | % { "0x$_" }
        New-ItemProperty -Path $regPath -Name $name -Value ([byte[]]$hex) -PropertyType $type | Out-Null
    }
    else
    {
        # Add Reg Key
        New-ItemProperty -Path $regPath -Name $name -Value $data -PropertyType $type | Out-Null
    }
}

#Reg Hive + Reg Path + Reg Type + Reg Name + Reg Data
Add-RegPolicy -hive "HKLM" -path "SOFTWARE\_test" -type STRING -name "TEST" -data "DataHere"

* Intune demos coming soon…



Template Code

Add-RegPolicy -hive "HKLM" -path "SOFTWARE\_test" -type STRING -name "TEST" -data "DataHere"

Add-RegPolicy -hive "HKLM" -path "SOFTWARE\_test" -type DWORD -name "TEST" -data 0

Add-RegPolicy -hive "HKLM" -path "SOFTWARE\_test" -type BINARY -name "TEST" -data "a6,d8,ff,00,76,b9,ed,00,42,9c,e3,00,00,78,d7,00,00,5a,9e,00,00,42,75,00,00,26,42,00,f7,63,0c,00"


Group Policy Resources

Group Policy Settings Reference Spreadsheet Windows 1809
Group Policy Settings Reference Spreadsheet Windows 1803

Configure ADMX settings with Microsoft Intune Administrative Templates
Understanding ADMX-backed policies
Enable ADMX-backed policies in MDM
Win32 and Desktop Bridge app policy configuration
Ingesting Office ADMX-Backed policies using Microsoft Intune

Example: Enable Remote Desktop Connectivity

Add-RegPolicy -hive "HKLM" -path "SYSTEM\CurrentControlSet\Control\Terminal Server" -type DWORD -name "fDenyTSConnections" -data 0

Add-RegPolicy -hive "HKLM" -path "SYSTEM\CurrentControlSet\Control\Terminal Server" -type DWORD -name "TSUserEnabled" -data 1

Add-RegPolicy -hive "HKLM" -path "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -type STRING -name "WinStationsDisabled" -data "0"
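
Add-RegPolicy sets $ErrorActionPreference to 'silentlycontinue', so a write that fails (for example, when the script is not running elevated) produces no error. The read-back check below is an added example, not part of the original post: Test-RegPolicy is a hypothetical helper name, and the expected values are the three from the Remote Desktop example above.

```powershell
# Added example, not from the original post. Test-RegPolicy is a hypothetical name.
function Test-RegPolicy($hive, $path, $type, $name, $data)
{
    $regPath = "$hive`:\$path"
    $key = Get-Item -LiteralPath $regPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return "FAIL  $regPath\$name : key not found" }
    if ($key.GetValueNames() -notcontains $name) { return "FAIL  $regPath\$name : value not found" }

    # Compare the stored type with the requested one (STRING -> String, DWORD -> DWord, ...)
    $kind = $key.GetValueKind($name)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]$type) {
        return "FAIL  $regPath\$name : type is $kind, expected $type"
    }

    $actual = $key.GetValue($name)
    if ($type -eq 'BINARY') {
        # Normalise both sides to lower-case "a6,d8,ff" form
        $expected = ($data.Split(',') | ForEach-Object { $_.Trim().ToLower() }) -join ','
        $actual   = ($actual | ForEach-Object { $_.ToString('x2') }) -join ','
    } else {
        $expected = "$data"; $actual = "$actual"
    }
    if ($actual -ne $expected) { return "FAIL  $regPath\$name : '$actual', expected '$expected'" }
    return "OK    $regPath\$name = $actual"
}

# A 32-bit host on 64-bit Windows sees most of HKLM\SOFTWARE redirected to WOW6432Node,
# so values written there land in a different key than a 64-bit reader expects.
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    Write-Warning '32-bit PowerShell host: HKLM\SOFTWARE writes are redirected to WOW6432Node'
}

# Expected state: the values from the Remote Desktop example on this page
$expectedPolicy = @(
    @{ hive='HKLM'; path='SYSTEM\CurrentControlSet\Control\Terminal Server'; type='DWORD'; name='fDenyTSConnections'; data=0 }
    @{ hive='HKLM'; path='SYSTEM\CurrentControlSet\Control\Terminal Server'; type='DWORD'; name='TSUserEnabled'; data=1 }
    @{ hive='HKLM'; path='SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; type='STRING'; name='WinStationsDisabled'; data='0' }
)

# Splat each entry onto the function's parameters and collect one result line per value
$results = @(foreach ($entry in $expectedPolicy) { Test-RegPolicy @entry })
$results

# Exit non-zero if any value is missing, of the wrong type, or holds different data
if ($results -like 'FAIL*') { exit 1 }
```

Run it after the Add-RegPolicy calls, in the same script or separately; the same list of hashtables can also be splatted onto Add-RegPolicy itself, so the values written and the values checked come from one place.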


tags: PowerShell registry, PowerShell Binary, PowerShell scripting, PowerShell Group Policy, MrNetTek