The GPOGUY-- Group Policy Blog

For those of you waiting patiently to migrate your PolicyMaker settings to the new GP Preferences format, your wait is over! You can now download the migration tool here! And here's a good blog post on how it all works.

Darren

Tags:

Group Policy, Group Policy Preferences, PolicyMaker

Posted by gpoguy at 01:58 PM | Permalink | Comments (0) | TrackBacks (0)

Hey Folks. Sorry for the long delay in between postings. Lots going on in Group Policy land and in my own life that has been keeping me busy! But, now that I have some time, I wanted to blog about a few things of note, in no particular order:

• Thanks to Mike Kline for posting a nice review of SDM Software's GPO Compare tool, which lets you graphically compare two GPOs for settings differences
• Just a quick note to let you know that I posted a new tool up at GPOGUY.COM a couple of weeks back. Its a new Powershell v1 snap-in that does two things. The first is a cmdlet called Get-SDMGPOVersion which lets you retrieve and show differences between GPO version numbers on a given DC, designed to spot AD and SYSVOL replication inconsistencies within GPOs. I would call it a Powershell version of GPOTool.exe. The 2nd cmdlet in the snap-in is called Invoke-SDMTouchGPO. This is basically a "touch" command for GPOs. What it does is, for a given GPO, it increments the per-computer or per-user version numbers for the GPO. This tricks clients into thinking that "something" has changed within that GPO, and thus will trigger a refresh of the settings within that GPO. Or more specifically, it will trigger a full reprocessing of policy for a given client that is impacted by that GPO that was touched. This came up in a thread that I participated in on the ActiveDir.Org mailling list, and I thought it was worth putting something together. You can download it for free at the GPOGUY.COM Free Tools Site.
• Working with the folks at Windows IT Pro Magazine, I've created a one-day Group Policy Troubleshooting webinar next Thursday, June 25th. You can get more information and register for it at the link I just provided. It should be a good session--its a 3 part training session that covers GP internals and GP processing basics, troubleshooting tools and techniques and then advanced topics in GP troubleshooting. I'll be on hand afterwards to answer questions during each session, as well! Check it out and see you there!
• Finally, I wanted to just call attention to some cool stuff Microsoft did recently in anticipation of the Windows 7 release. As you know, I've been a big advocate of enabling automation of Group Policy automation, primarily through Powershell. Our SDM Software Group Policy Automation Engine was the first product on the market to let you read and write GP settings using Powershell, when it shipped a couple of years ago. Recently the Applocker feature team within Microsoft (Applocker is the new replacement for Software Restriction Policies in Windows 7) announced availability of Powershell cmdlets for getting and setting Applocker policies within a GPO! This is all good stuff and provide a nice complement to what the GP Product team is doing with Powershell and registry settings in Win7. Check it out here: http://blogs.msdn.com/powershell/archive/2009/06/02/getting-started-with-applocker-management-using-powershell.aspx.

Well, enjoy those tidbits and I hope to be back blogging soon!

Darren

Posted by gpoguy at 03:27 PM | Permalink | Comments (0) | TrackBacks (0)

I thought this was cool: http://blogs.technet.com/grouppolicy/archive/2009/05/12/group-policy-at-tech-ed-2009-mark-russinovich-demos-group-policy-powershell-cmdlets.aspx

Mark demo'd Microsoft's upcoming Group Policy PowerShell cmdlets that will ship with Windows 7 and Server 2008 R2. I think its cool primarily because it validates the work we have done at SDM Software over the last couple of years to provide automation for Group Policy, with both our free GPMC cmdlets and our commercial Group Policy Automation Engine. Microsoft is providing something like 25 cmdlets in Windows 7 and Server 2008, R2, that will provide much of the same functionality as our free GPMC cmdlets. In addition, they are providing a set of what I call "teaser" cmdlets for automating a small portion of GP settings. Specifically, they will be provide a set of cmdlets to get and set registry policy (i.e. Administrative Templates but without the ADM or ADMX view of the world) and also registry settings through Group Policy Preferences Registry extension.

The cool part about this is that it gets people thinking about how they can automate the auditing and management of GP settings using Powershell. And when they run out of capabilities with the built-in cmdlets, well our GP Automation Engine will be waiting in the wings to provide the ability to script reading and writing of not just Admin. Template policy, but also Security policy, Software Installation, Folder Redirection, IE Maintenance, Scripts policy and all of GP Preferences.

Posted by gpoguy at 06:01 PM | Permalink | Comments (0) | TrackBacks (0)

If you're planning on being at the Microsoft Management Summit next week, I'll be presenting a Group Policy Troubleshooting session there on Wednesday morning. Stop by and say hi or attend the session or the Birds of a Feather I'll be doing that evening at around 5:30pm!

Darren

Tags: Microsoft Management Summit, Group Policy Troubleshooting

Posted by gpoguy at 11:15 AM | Permalink | Comments (0) | TrackBacks (0)

Just a quick note to let those of you who are Microsoft partners know that I'm going to be giving a webinar on using Group Policy in Small Business Server (SBS) 2008 on April 24th. Here's the info on the webinar if you want to register to attend!

In this session we’ll look at the new features available in Group Policy in SBS 2008 that enable you to have improved control over your user’s desktop experience and security.  We’ll look at the new Group Policy Preferences features that provide capabilities such as USB device control, point-and-click drive and printer mapping and control over your computers’ power usage.

Registration:

See you there!

Darren

Tags:

Group Policy, SBS Server 2008

Posted by gpoguy at 03:50 PM | Permalink | Comments (0) | TrackBacks (0)

As I mentioned in a previous post, SDM Software was close to shipping the next version of our GPExpert Scripting Toolkit product, and that has happened! Today we announced the release of the GPExpert(r) Group Policy Automation Engine 2.0. This newly branded and updated product provides a host of improvements and additions over the previous version, most notably the addition of support for Group Policy Preferences automation! Now you can automate almost any aspect of Group Policy management from Powershell or .Net. And not only can you automation the modification of GPO settings, but you can also automate the reading and auditing of settings across GPOs, something that is an incredibly manual process to perform today.

So visit the website and download an evaluation copy today and let us know what you think!

Darren

Tags:

Group Policy, SDM Software, Powershell

Posted by gpoguy at 05:36 AM | Permalink | Comments (0) | TrackBacks (0)

Just a quick shout-out to let folks know that I posted an update to our SDM Software GPMC Cmdlets on our freeware page. This is version 1.3 and primarily just fixes some bugs including an issue when you tried to get, add or remove site-based GPO links. Enjoy!

Tags:

Group Policy, GPMC, Powershell, SDM Software

Posted by gpoguy at 02:58 PM | Permalink | Comments (0) | TrackBacks (0)