EMET GPO GPP using Task Scheduler to import EMET settings

Below are the steps for creating a GPO that imports a configuration XML file stored in the GPO, using a Task Scheduler item created through GPP.

  • Prior to creating the GPO, ensure you have a configuration XML file exported from EMET
  • Create a new GPO and make note of the GPO GUID
  • Copy the configuration XML file into the \\domain.com\sysvol\policies\GPOGUID\ folder
  • Edit the GPO and create a new Task Scheduler item for Windows Vista or Windows 7+ (needed for triggers as well as multiple action items)
    • On the General Tab
      • Give GPO a name
      • Run as NT Authority\System (you could probably do this with Network Service instead; haven't tested)
      • Run with highest privileges checked
    • On the Triggers Tab, create a new trigger with the following settings
      • Begin the task: On an event
      • Application event log, Source SceCli, Event ID 1704 (an event that usually occurs on GPO processing; not always reliable)
      • Microsoft-Windows-GroupPolicy/Operational, Source GroupPolicy, Event IDs 4004, 4006 (4006 on Win7, 4004 on Win8; more reliable than the Application event log), see https://technet.microsoft.com/en-us/library/cc749336(v=ws.10).aspx
      • The only advanced settings that should be checked are Enabled and Activate; Activate will show the date on which you are creating/editing the trigger
    • On the Actions Tab create the following actions
      • Start a program, Program/script: EMETINSTALLEDDIRECTORY\emet_conf.exe, Arguments --delete_all  (this action deletes any existing local config)
      • Start a program, Program/script: EMETINSTALLEDDIRECTORY\emet_conf.exe, Arguments --import file://domain.com/sysvol/policies/GPOGUID/config.xml
    • On the Common Tab
      • Check the box for Remove this item when it is no longer applied.
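
A client-side check for the setup above, added here as an example and not part of the original steps: it confirms the XML in the GPO folder is reachable and well-formed, lists who can write to it (the task imports it as SYSTEM), and reports recent trigger events and the task's last result. The task name and the 24-hour window are assumptions; the config path reuses the placeholders from the steps.

```powershell
# Added example (not from the original page): verify the EMET import task on a client.
# Hypothetical values: $TaskName and $Hours. $ConfigPath reuses the page's placeholders.
param(
    [string]$TaskName   = 'EMET Import',
    [string]$ConfigPath = '\\domain.com\sysvol\policies\GPOGUID\config.xml',
    [int]$Hours         = 24
)

# 1. The file the SYSTEM task imports must be reachable and parse as XML.
if (-not (Test-Path -LiteralPath $ConfigPath)) { throw "Config not found: $ConfigPath" }
$null = [xml](Get-Content -LiteralPath $ConfigPath)   # throws if the XML is malformed

# 2. List principals allowed to write the file: whoever can change it controls
#    what the task imports as SYSTEM. ACEs expressed as generic rights may not
#    match WriteData, so review the full ACL if this list looks too short.
$write   = [System.Security.AccessControl.FileSystemRights]::WriteData
$writers = (Get-Acl -Path $ConfigPath).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $write) } |
    ForEach-Object { $_.IdentityReference.Value }

# 3. Did the Group Policy events used as triggers occur recently?
$events = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-GroupPolicy/Operational'
    Id        = 4004, 4006
    StartTime = (Get-Date).AddHours(-$Hours)
} -ErrorAction SilentlyContinue)

# 4. Task state via the Task Scheduler COM API (Vista and later).
$svc = New-Object -ComObject Schedule.Service
$svc.Connect()
$task = $svc.GetFolder('\').GetTask($TaskName)   # assumes the task is in the root folder

New-Object psobject -Property @{
    ConfigWriters    = $writers -join '; '
    TriggerEvents    = $events.Count
    LastTriggerEvent = $(if ($events.Count) { $events[0].TimeCreated })
    TaskEnabled      = $task.Enabled
    LastRunTime      = $task.LastRunTime
    LastTaskResult   = '0x{0:X}' -f $task.LastTaskResult   # 0x0 means the last run succeeded
}
```

Run it from an elevated prompt on a client after a Group Policy refresh; a `LastRunTime` older than `LastTriggerEvent` suggests the event trigger is not firing.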