Akom's Tech Ruminations

Various tech outbursts - code and solutions to practical problems

Disabling Windows Recycle Bin with Puppet on all versions of Windows

Posted by Admin • Thursday, March 22. 2018

And when I say "All versions of Windows" I mean that I tested it on Server 2008,2012 and 2016.

This was oddly hard to figure out, and most tutorials either apply to only one version of windows or to outdated tools. The best way to do this that I found was using Local Group Policy. Now, how to automate this? The puppet local_group_policy module didn't work at all when I tried it (and has not been updated since 2014).

Fortunately, there is a new Microsoft tool called LGPO that allows for some degree of command-line control of the Local Group Policy. Download "LGPO.exe" here.

First, let's make a reusable policy text file that we can import on all machines:

  1. take a vanilla Windows machine that hasn't had any Group Policy customization, and use lgpo.exe to export the policy: "lgpo.exe /v /parse /m c:\windows\system32\GroupPolicy\User\Registry.pol" (at least that was appropriate in my case). You should get more or less empty output.
  2. Then use the Local Group Policy Editor to change "Do not move deleted files to the Recycle bin" (under User Configuration -> Administrative Tools -> All Settings) to "Enabled"
  3. Repeat step 1. You should see this one setting that you changed in the output. Redirect output to a file, this will be our text file

Now, we can set up puppet:

  1. Add this file to your puppet module's files/ subdirectory
  2. Add lgpo.exe as well unless you plan to distribute it to your windows machines some other way
  3. Let's make a class to apply it (below)

class recyclebin_config {

  $lgpo_path = "c:\\windows\\system32\LGPO.exe"

  # install lgpo for local group policy command-line management
    source => "puppet:///modules/${module_name}/LGPO.exe",

  #relies on this text files being in recyclebin_config/files/
    source => "puppet:///modules/${module_name}/disable-recyclebin.txt",
    notify => Exec['Import disable recycle bin file'],

  exec{'Import disable recycle bin file':
    command => "${lgpo_path} /t c:\\temp\\disable-recyclebin.txt",
    refreshonly => true, # only run if the text file changes


0 Trackbacks

  1. No Trackbacks


Display comments as (Linear | Threaded)
  1. No comments

Add Comment

You can use [geshi lang=lang_name [,ln={y|n}]][/geshi] tags to embed source code snippets.
Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.

What is the primary language of this blog? (Anti-SPAM question)

Submitted comments will be subject to moderation before being displayed.