Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Below are the steps for creating a GPO which will import a configuration XML file stored in a GPO via a GPP created Task Scheduler object.
- Prior to creation of GPO ensure you have a configuration XML file exported from EMET
- Create new GPO make note of the GPO GUID
- Copy the configuration XML file into the \domain.com\sysvol\policies\GPOGUID\ folder
- Edit the GPO and create a new task scheduler item for Windows Vista or Windows 7+ (need for triggers as well as multiple action items)
- On the General Tab
- Give GPO a name
- Run as NT Authority\System (you could probably do this with Network Service instead haven't tested)
- Run with highest privileges checked
- On the Triggers Tab new Trigger with following settings
- Begin Task On an event
- Application Event log, Source SceCli, Event ID 1704 (Event that usually occurs on GPO Processing .. not always reliable)
- Microsoft-Windows-GroupPolicy/Operational, Source GroupPolicy, Event ID's 4004, 4006 (4006 on Win7, 4004 on Win8 more reliable than app event log) see https://technet.microsoft.com/en-us/library/cc749336(v=ws.10).aspx
- The only advanced settings that should be checked are Enabled and Activate which will have a date of when you are creating/editing
- On the Actions Tab create the following actions
- Start a program, Program/script: EMETINSTALLEDDIRECTORY\emet_conf.exe, Arguments --delete_all (this action deletes any existing local config)
- Start a program, Program/script: EMETINSTALLEDDIRECTORY\emet_conf.exe, Arguments --import file://domain.com/sysvol/policies/GPOGUID/config.xml
- On the Common Tab
- Check the box for Remove this item when it is no longer applied.
- On the General Tab