0

I need to write a PowerShell script that should configure the below settings of Group policy in all the machines.

Gpedit.msc → Computer Configuration → Administrative Templates → System → User Profiles → "Do not forcefully unload the users registry at user logoff" to "Enabled".

As I am aware this can be done using the registry value also

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"DisableForceUnload"=dword:00000001

But through the script, when I add the required registry entry, the change is not reflected in the Group Policy console. Of course, I need to use the Group Policy cmdlets! When I tried with Set-GPRegistryValue with below statement

Set-GPRegistryValue -Name "User Profiles" `
  -key "HKLM\SOFTWARE\Policies\Microsoft\Windows\System\" `
  -ValueName DisableForceUnload -Type DWord -Value 1

It shows exception saying "A Referral was returned from the server."

Set-GPRegistryValue : A referral was returned from the server. (Exception from HRESULT: 0x8007202B)
At D:\Work\XYZ\Desktop\GPO1.ps1:6 char:1
+ Set-GPRegistryValue -Name "User Profiles" -key "HKLM\SOF ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-GPRegistryValue], COMException
    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Microsoft.GroupPolicy.Commands.SetGPRegistryValue 
   Command

What exactly I missing out here?

Basavaraju B K
  • 71
  • 2
  • 11
  • Are you sure this is the right key `"HKLM\SOFTWARE\Policies\Microsoft\Windows\System\"`? Technet says group policies are stored here https://technet.microsoft.com/en-us/library/cc939918.aspx, in particular, I would try `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` instead – Varvara Kalinina Jun 15 '15 at 10:37
  • @VarvaraKalinina The "User Profiles" configuration settings will be stored in the `HKLM\SOFTWARE\Policies\Microsoft\Windows\System\ ` I verified it. – Basavaraju B K Jun 15 '15 at 13:01

1 Answers1

0

A domain controller returning a referral means that the object is present in the directory, but not on that particular domain controller. This can happen for instance with partitioned directories or trusted/child domains.

You can use the -Domain and -Server parameters for connecting to a specific domain and/or server. Default is to connect to the PDC emulator of the domain of the current user.

Ansgar Wiechers
  • 193,178
  • 25
  • 254
  • 328
  • I tried with adding `-Domain` and `-server` parameters with the values, it resulted with another exception saying `Set-GPRegistryValue : Value does not fall within the expected range.` – Basavaraju B K Jun 15 '15 at 12:46
  • @BasavarajuBK Your registry value is a DWORD, so change `-Value "1"` to `-Value 1`. – Ansgar Wiechers Jun 15 '15 at 15:03
  • Apology I missed out in editing that in the question. Actually The value is without double quotes. So its like this. `Set-GPRegistryValue -Name "User Profiles" -Domain "mydomain" -server "myserver.com" -key "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" -ValueName "DisableForceUnload" -Value 1 -type DWord` Still it throws the same exception. – Basavaraju B K Jun 15 '15 at 15:15
  • Post a new question with the exact command and error message. – Ansgar Wiechers Jun 15 '15 at 15:25