The GPOGUY-- Group Policy Blog

Well, we've released a new version of our GPMC PowerShell cmdlets--version 1.2. This new version represents a significant updgrade to the existing cmdlets. The biggest change is that we incorporated new functionality that became available in the version of GPMC that shipped with Vista, SP1 and Windows Server 2008. As a result of those significant GPMC changes, we had to break the cmdlets into two separate download packages--one package for Vista, SP1 and Server 2008 users and the other for earlier platforms. In general, the main differences between the two downloads is that the package for Vista, SP1 and 2008 supports some features like managing "Starter GPOs" and some other new capabilities that the older version of GPMC does not support. But both packages have added some cool new features, such as better pipelining support between cmdlets and support for creating GP Settings and RSOP reports. The pipelining support is especially interesting for those of you out there looking to fully automate your GP Management tasks. In earlier versions of the cmdlets, whenever you got a reference to a GPO or created a new GPO, you could not easily pipe the output of that to another cmdlet. The reason for this is that the objects that the cmdlets emitted were COM Interop types that did not appear as useful objects to the PowerShell pipeline. As a result, we have modified the default output of many of these Get- cmdlets to emit custom objects that are more easily piped to other cmdlets. For example, now you can create a GPO and link it in one fell swoop, like this:

new-sdmGPO "Marketing Stuff" | add-sdmgplink -Scope "OU=Marketing,DC=Cpandl,DC=com" -Location -1

If you do still need access to the COM interop types, then there is now a -Native parameter on cmdlets that emit these custom objects so that you can revert to the old 1.1 behavior if needed.

The following are the rest of the release notes on the new 1.2 version. Check them out and let us know what you think!

*******************************************************************

Release Notes for SDM Software's GPMC PowerShell Cmdlets, v1.2

July 2, 2008
-------------
#Added -Native parameter to a number of the get- cmdlets, including get-SDMGPO. In version 1.1, these cmdlets emitted native GPMC COM Interop types, which could not be sent to the pipeline successfully. As a result, all of the cmdlets in this release that support the -Native parameter now, by default, emit custom object types to work better with the pipeline. If you need the native GPMC object types, then use the -Native parameter.

#Add 9 new Cmdlets, including:

Add-WMIFilterLink: Links an existing WMI filter to a GPO
Copy-SDMStarterGPO: Copies an existing Starter GPO to a new Starter GPO (Server 2008 and Vista, Sp1 only)
Get-SDMStarterGPO: Retrieves a reference to and information on a named Starter GPO (Server 2008 and Vista, Sp1 only)

Get-SDMWMIFilter: Retrieves a reference to and information on one or all WMI Filters in a domain
New-SDMStarterGPO: Creates a new Starter GPO (Server 2008 and Vista, Sp1 only)
Out-SDMGPSettingsReport: Creates an xML or HTML GPO Settings report
Out-SDMRSOPLoggingReport: Creates and XML or HTML Group Policy Results report
Remove-SDMStarterGPO: Deletes a Starter GPO (Server 2008 and Vista, Sp1 only)
Remove-SDMWMIFilterLink: Removes any WMI Filter linked to a particular GPO

#Added a Name parameter to Get-SDMGPLink. This new parameter lets you search for links by GPO name in addition to SOM. So, you can provide a GPO name and get a list of all the places its linked.

#Added a GPOID parameter to Get-SDMGPO. This new parameter lets you search for a GPO by GUID instead of by name. With this new parameter, you can use this cmdlet to effectively translate from GUID to Name and Name to GUID.

***********************************************************************

Tags:

Group Policy, PowerShell, GPMC, SDM Software

Posted by gpoguy at 02:37 PM | Permalink | Comments (0) | TrackBacks (0)

The folks at NetWrix have just announced their newest product--Group Policy Change Reporter. The product comes in both a freeware and commercial version and can provide detailed change reporting on who made changes to GPOs, what settings were changed and when. It comes with a number of out-of-the-box reports as well.

Check it out!

Posted by gpoguy at 04:39 PM | Permalink | Comments (0) | TrackBacks (0)

Hey Folks. The Group Policy Team at Microsoft is looking for feedback on managing Windows Servers. They've put a survey up online. If you want to get your feedback and experiences heard, and incorporated into future products, this is an ideal opportunity to do it! The survey is up until July 15th so get in there!

Posted by gpoguy at 03:48 PM | Permalink | Comments (0) | TrackBacks (0)

Well, in keeping with our current tradition of delivering PowerShell-based solutions for Group Policy Management, SDM Software has released its latest product--the Group Policy Health Cmdlet. This cmdlet basically lets you get quick and detailed Group Policy processing status across one or more machines within your enterprise. Its pretty cool in that you can feed it either a machine name, an OU name or a domain name and it will resolve all computer objects in those containers, and query each one, returning results either as an object (shown in the screenshot below) or as an XML document that you can save or manipulate using PowerShell's built-in XML capabilities. You can take a video tour of the product here, which shows off some of its features.

And while the product is not free, you can download a trial copy and use it for up to 10 queries. After that, to buy a copy is, well, cheap if you ask me :). Anyway, check it out and let us know what you think!

Tags:

Group Policy, PowerShell, SDM Software, Group Policy Health

Posted by gpoguy at 11:21 AM | Permalink | Comments (0) | TrackBacks (1)

 I noticed that Jeff Hicks called me out on his blog for the Scripting/SysAdmin Meme, so I figured I would follow through with the chain and answer the questions here:

How old were you when you started using computers?

I was about 15.

What was your first machine?

The first computer that I used was probably a Cromemco multi-user system in High School or the original Apple computer. The first computer I owned was an Atari 800 that I got for Christmas in 1978 :).

What was the first real script you wrote?

Hmm. Well, my first language was BASIC--not sure that is really a scripting language but it approximated that on the Atari. But in terms of real scripting languages it was probably DOS batch.

What scripting languages have you used?

DOS batch, Fastlane FINAL, Perl, VBScript, JScript, PowerShell. Probably missing a couple in there.

What was your first professional sysadmin gig?

My first job out of college, as I struggled to be a bike racer, was part-time warehouse guy and part-time computer guy for a small computer leasing company. I did some basic maintenance and Paradox development. My first real sys admin. job was for an environmental consulting company. When I started, they had a Sun TOPS network based on Appletalk!!

If you knew then what you know now, would have started in IT?

Excellent question. Not sure. IT has changed a lot, there is a lot of things I don't like about it. I think I might have spent more time in dev. if I knew then what I know now.

If there is one thing you learned along the way that you would tell new sysadmins, what would it be?

What worked for me may not work for others, but I made a conscious decision to reach out and help people. This started with the early winnt-bhs mailing list on Compuserve in the mid-90s and continues today. I think this business is all about spreading the knowledge, because there is so much to learn. So, if you want to advance your own career, help others as you learn. It brings many side benefits, including gaining a reputation that might lead to more interesting things than just fixing broken printers :).

What’s the most fun you’ve ever had scripting?

Scripting is one of those things that I did out of necessity, but I can remember a perl script that I had to write to change thousands of machines from static IP to dynamic. I was particularly proud of that at the time. I think now I get the most kick out of developing PowerShell cmdlets. Fun stuff.

Who am I calling out?

Brandon Shell

Dean Wells

Joe Richards

Sean Deuby

Posted by gpoguy at 01:24 PM | Permalink | Comments (0) | TrackBacks (1)

I created a whitepaper a while back that describes how you can use SDM Software's free GPMC cmdlets along with our commercial GPExpert(tm) Scripting Toolkit product to automate Group Policy management using PowerShell. That whitepaper, entitled "Automating Group Policy Management" is now up on our website for download. You do have to register for it but it goes through a bunch of different scenarios, including performing basic GPO management tasks as well as using the Toolkit to audit or modify Group Policy settings across a group of GPOs.

Tags

Group Policy, PowerShell

Posted by gpoguy at 01:03 PM | Permalink | Comments (0) | TrackBacks (0)

Well, Active Directory MVP and well-known speaker Guido Grillenmeier from HP has taken my AD tombstone reanimation cmdlets and fashioned a very cool PowerShell script that uses the cmdlets and the new AD snapshot mounting feature in Server 2008 to not only restore deleted objects but also restore their attributes that are lost when the object is deleted. Guido is presenting an AD recovery talk at TechEd in Orlando tomorrow and the script will be featured in that talk. If you are at TechEd, I highly recommend you check out his talk.

Guido has also provided some great feedback on my tombstone reanimation cmdlets so look for a 1.1 version of them very soon!

You can download Guido's PowerShell script here !

Thanks Guido!

Tags

Active Directory, tombstone reanimation, PowerShell, SDM Software

Posted by gpoguy at 11:33 AM | Permalink | Comments (0) | TrackBacks (0)