The problem.
I need to edit group policies on my laptop, for reasons which will become clear in a later post. However, as previously noted, I use Windows 10 Home which does not have GPEdit.msc installed. Full credit to iTechtics for their blog piece which is where I obtained the script I used, and if you are happy to just download a batch file from a blog post and run it on your computer go ahead. I however trust no-one and this post dissects the script so you can be sure it is not malicious.
The script.
@echo off
pushd “%~dp0”
dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~3*.mum >List.txt
dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~3*.mum >>List.txt
for /f %%i in (‘findstr /i . List.txt 2^>nul’) do dism /online /norestart /add-package:”%SystemRoot%\servicing\Packages\%%i”
pause
The dissection.
@echo off
There are two things going on here:
-
the @ symbol at the start of a line is used to prevent the command following it being echoed
-
echo off is used to prevent echoing all commands in a batch file
so this line is just preventing all the commands within the batch file being echoed and in reality could be removed
pushd “%~dp0”
When a batch script is ‘Run as Admin’, the current directory will be set to C:\windows\system32\. Using the pushd command at the start of the script restores the normal current directory. This works by setting the current directory to the location of the batch script, using the %0 parameter.
dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~3*.mum >List.txt
This line lists the files in the folder %SystemRoot%\servicing\Packages\ that match the criteria Microsoft-Windows-GroupPolicy-ClientExtensions-Package~3*.mum where * is the wildcard, the b option means bare format – (no heading, file sizes or summary). This list is piped into a file called List.txt using the >, which is created as it does not exist.
dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~3*.mum >>List.txt
This line lists the files in the folder %SystemRoot%\servicing\Packages\ that match the criteria Microsoft-Windows-GroupPolicy-ClientTools-Package~3*.mum where * is the wildcard, again the /b option means bare format – (no heading, file sizes or summary). This list is appended to the end of the file called List.txt using the >>
for /f %%i in (‘findstr /i . List.txt 2^>nul’) do dism /online /norestart /add-package:”%SystemRoot%\servicing\Packages\%%i”
dism is the Deployment Image Servicing and Management (DISM) tool. The online option specifies that the action is to be taken on the operating system that is currently running and the norestart option suppresses reboot if it is called. The add-package option installs the specified package in the system. The for loop is a simple iteration through each line of the Lists.txt file. So this adds the missing packages for the Microsoft-Windows-GroupPolicy-ClientExtensions and the Microsoft-Windows-GroupPolicy-ClientTools.
pause
Does just that, it pauses the execution of the batch file and displays the message “Press any key to continue . . .”
So download the batch file from iTechtics and verify the code matches that posted in this blog or write your own batch file and run as Administrator.
To get access to gpedit run gpedit.msc and break your system to your hearts content.