Disabling Windows Recycle Bin with Puppet on all versions of Windows
Posted by Admin • Thursday, March 22. 2018 • Category: DevOpsAnd when I say "All versions of Windows" I mean that I tested it on Server 2008, 2012 and 2016.
This was oddly hard to figure out, and most tutorials either apply to only one version of windows or to outdated tools. The best way to do this that I found was using Local Group Policy. Now, how to automate this? The puppet localgrouppolicy module didn't work at all when I tried it (and has not been updated since 2014). The proper way to do this is of course with a Domain-based Group Policy, but my machines are not members of a domain.
Fortunately, there is a new Microsoft tool called LGPO that allows for some degree of command-line control of the Local Group Policy. Download "LGPO.exe" here.
First, let's make a reusable policy text file that we can import on all machines:
- take a vanilla Windows machine that hasn't had any Group Policy customization, and use lgpo.exe to export the policy: "lgpo.exe /v /parse /u c:\windows\system32\GroupPolicy\User\Registry.pol" (at least that was appropriate in my case). You should get more or less empty output.
- Then use the Local Group Policy Editor to change "Do not move deleted files to the Recycle bin" (under User Configuration -> Administrative Tools -> All Settings) to "Enabled"
- Repeat step 1. You should see this one setting that you changed in the output. Redirect output to a file, this will be our text file
- You can test that importing this file will change the setting: "lgpo /r myfile.txt". (Change the setting back first, run this, then re-open the Local Group Policy Editor to see the change)
Now, we can set up puppet:
Continue reading "Disabling Windows Recycle Bin with Puppet on all versions of Windows"