Deleting Registry.pol and Forcing Group Policy Update Using a Batch File - Deploy through SCCM

 

Deleting Registry.pol and Forcing Group Policy Update Using a Batch File - Software update cycle scan failures 

In some troubleshooting scenarios ( specially software update cycle scanning errors)  , it is necessary to remove the Registry.pol file to reset Group Policy settings and force an immediate update. This guide outlines how to accomplish this using a batch script and deploy it via SCCM. 

Step 1: Create a Batch File

Script to Delete Registry.pol and Update Group Policy

@echo off
setlocal
:: Define paths
set "RegPolPath=C:\Windows\System32\GroupPolicy\Machine\Registry.pol"
:: Check if the file exists and delete it
if exist "%RegPolPath%" del /f /q "%RegPolPath%"
:: Force Group Policy update
gpupdate /force
:: Notify user
echo Group Policy has been updated successfully.
pause

  1. Open Notepad.

  2. Copy and paste the script above.

  3. Save the file with a .bat extension (e.g., ResetGPO.bat).

Step 2: Deploy the Batch Script Using SCCM

1. Create an SCCM Package

  1. Open SCCM Console and navigate to Software Library > Application Management > Packages.

  2. Right-click Packages and select Create Package.

  3. Enter a name (e.g., Reset GPO Script) and provide a description.

  4. Choose This package contains source files and specify the folder containing the batch script.

  5. Click Next.

2. Create a Program

  1. Select Standard Program and click Next.

  2. Enter a name (e.g., Delete Registry.pol and Update GPO).

  3. In the Command Line field, enter:

    cmd.exe /c ResetGPO.bat

  4. Choose Run with administrative rights.

  5. Set the execution mode to Hidden to prevent user interruptions.

  6. Click Next, then Finish.

3. Deploy the Package

  1. Navigate to Software Library > Application Management > Packages.

  2. Select the package and click Deploy.

  3. Choose the target collection (e.g., all clients, specific workstations).

  4. Specify the distribution points.

  5. Set deployment options:

    • Purpose: Required (for forced execution) or Available (for optional execution).

    • Schedule: Define execution time.

  6. Click Next and complete the deployment.

4. Monitor Deployment

  1. Navigate to Monitoring > Deployments.

  2. Select the deployment and check the Compliance status.

  3. Troubleshoot any failures using SCCM logs (execmgr.log on client machines).

By following these steps, you can effectively reset Group Policy settings and enforce an immediate update using SCCM.

Popular Posts

Windows 11 24H2 Upgrade using Intune Feature Updates Policy

Image
How to Deploy Feature Updates Using Intune: A Step-by-Step Guide Microsoft Intune provides a streamlined method for managing Windows feature updates across your organization. In this guide, I'll walk through the essential prerequisites, policy creation steps, deployment, and monitoring process to ensure a smooth rollout of feature updates using Intune. 1. Verify Prerequisites Before you create a feature update policy, ensure the following prerequisites are met on the target devices: Device Enrollment : Devices must be enrolled in Intune, either as Microsoft Entra hybrid joined or Microsoft Entra joined . Supported OS : Devices must be running a supported version of Windows 10 or Windows 11 . Telemetry Settings : Devices must have the telemetry level set to Required . You can configure this via Devices > Windows> Configuration > Create Policy > Templates>  Device Restrictions > Reporting and Telemetry > Share Usage Data >Set as Required...
Read more

Deploying a Script through Intune to a Linux PC

Image
Can Intune Deploy Shell Scripts to Linux Devices? Yes! Just like deploying PowerShell scripts to Windows, Intune can also deploy shell scripts to Linux devices. In this blog, I'll walk you through the process of deploying shell scripts to Linux using Intune, making it easier to automate tasks and manage Linux endpoints efficiently. Prerequisites Before deploying a shell script via Intune, ensure the following requirements are met: 1. Intune and Microsoft Entra ID Your environment must have Microsoft Intune configured for device management. This setup enables secure enrollment and policy enforcement on Linux devices. 2. Linux Device Enrollment The Linux PC must be properly enrolled in Intune to receive policies and scripts. If the device is not enrolled, follow Microsoft's documentation on Linux enrollment in Intune. Deploying the Shell Script Once the prerequisites are met, follow these steps to deploy your shell script through Intune: Access Microsoft Intune Sign in to the ht...
Read more

Removing Obsolete Computer Records from Active Directory Using PowerShell (Only Windows Client Versions)

  Removing Obsolete Computer Records from Active Directory Using PowerShell Active Directory (AD) environments can accumulate obsolete computer objects over time. These stale records not only clutter the directory but can also pose security risks. This article provides a PowerShell-based approach to identifying and removing outdated computer records from Active Directory. Identifying Obsolete Computer Accounts The first step in cleaning up AD is to identify inactive computers based on their last logon timestamp and password last set date. Below is a PowerShell script to find obsolete devices that have not logged in for more than 60 days: Import-Module ActiveDirectory $DaysInactive = 60 $time = (Get-Date).AddDays(-$DaysInactive) # Identify obsolete devices $obsoleteDevices = Get-ADComputer -Filter { (LastLogonTimeStamp -lt $time -and PasswordLastSet -lt $time) -and (OperatingSystem -like '*Windows 10*' -or OperatingSystem -like '*Windows 11*' -or OperatingSystem...
Read more