View
140
Download
2
Category
Preview:
DESCRIPTION
Windows PowerShell is a powerful scripting tool and it is now an essential knowledge for IT administrators. In part 2 of this PowerShell series, we will show you how to use Windows PowerShell to manage Group Policy.
Citation preview
POWERSHELL AND
GROUPPOLICYDiscovering your options
Welcome
• Kevin Sullivan
– kevin.Sullivan@specopssoft.com
– @kevsully67
• Director of Sales Engineering
• Recovering GP MVP, Musician
• Previously Principal Program Manager at Microsoft
• Technology lover – geek dad
WHOAMI
Stream of Consciousness
LET IT FLOW
Agenda – all in the context of Group Policy
• Introduction – PowerShell basics and Group Policy
• Discovering– How do you find what is there?
• Exploring– Navigating around, flying blind
• Learning– Getting help
• Applying– Getting stuff done
LETS GIVE ‘EM SOMETHING TO TALK ABOUT
Introduction
• Getting started with PowerShell - refresher
• Great tools– ISE, Console
– PowerShell Studio
– SDM cmdlets
– More…
• Great resources– Script Center
• Great community– PowerShell.org
– Bingle PowerShell
WHY ARE WE HERE?
Discovering
• Commands
• Modules
• PSSnapIns
• Get-Command
• Get-Help
• Wildcards
HOW TO START?
Exploring
• Get-Command
• Pipe to Measure-Object
– Get-Command |measure-object
• -Verb
• Get-Command –Module GroupPolicy
• Get-Help – ‘Too soon?’
I FOUND A PLACE TO START, NOW WHAT?
Exploring Group Policy
• Group Policy tasks
– Create GPO
– Link GPO
– Delegate GPO
– Backup GPO
• Get-Command
• Measure-Object
STREAM OF CONSCIOUSNESS
New-GPO, Get-GPO
• Get-help Get-GPO
– Full
– Examples
– ShowWindow
• Filter output
– Where-Object
• Get-help New-GPO
FROM SCRATCH
New-GPLink, Set-GPLink
• New-GPLink
– GPO
– OU
• Set-GPLink
– Enabled
– Enforced
– Order
NOW WHAT?
Get-GPInheritance
• Prompt
• Mandatory Parameters
• Command Pane/command window
• Show-Command
• Expose buried data
WHO IS AFFECTED?
Get-GPPermissions, Set-GPPermissions
• GP Delegation Primer
• Parameter sets
• Custom Delegation
TARGET THE RIGHT PEOPLE
Backup-GPO(s), Restore
• Have directory for backups
• Store all backups together
• Locating backups by name, GUID etc.
– All referenced in manifest.xml
• Restore by…
– BackupID
– GUID
– Name
SAVE YOUR WORK!
TROUBLESHOOTING GPEvents
GP Start/Stop Events
• Event ‘bookends’– Computer Start
• Start Event = 4000
• End Event = 6000 (warning), 7000 (error) or 8000 (Success)
– User Logon
• Start Event = 4001
• End Event = 6001, 7001, 8001
– Computer Manual Refresh
• Start Event = 4004
• End Event = 6004, 7004, 8004
GP EVENTS
Get-WinEvent, Get-EventLog
• Troubleshooting GP– GP LogView
– ActivityIDs
– SDM Software
• Find Group Policy Events
• Find Activity ID– Activity ID is a GUID that correlates all events fired during
a single GP Processing Cycle
– Get-WinEvent “Microsoft-Windows-
GroupPolicy/Operational” –FilterXPath
“Event[System/EventID=‘4000’]”
WHAT HAPPENED DURING GPUPDATE?
Command History
• Get-History
• Invoke-History
• Clear-History
• Add-History
WHAT HAVE I DONE?
Get-GPResultantSetOfPolicy
• HTML / XML
• GP Refresh
• GP Health
• Online content
• Lots of fun!
Wrap-up
• Questions
• Next month?
• Send feedback
• kevin.sullivan@specopssoft.com
WHAT DOES THE FUTURE BRING?
SDM Software
• Darren Mar-Elia – GPOGuy
– GP MVP
• Free GP cmdlets
– Fill some gaps in native MS cmdlets
• Blog
– Http://sdmsoftware.com/group-policy-blog
WHATS NEXT?
Helpful Stuff
• GP Events - http://technet.microsoft.com/en-us/library/cc749336(v=WS.10).aspx
• SDM Software – http://sdmsoftware.com
– Darren Mar-Elia GP MVP
• GP PowerShell cmdlets -http://technet.microsoft.com/en-us/library/ee461027.aspx
RESOURCES
Resources• Learn PowerShell in a Month of Lunches – Don Jones
@concentrateddon, Jeffery Hicks @jeffHicks
• Learn PowerShell Tool Making in a Month of Lunches –Don Jones, Jeffery Hicks
• Follow– Jeffery Snover @jsnover
– MSFT Scripting Guys @scriptingGuys
– June Blender @juneb_get_help
– Lee Holmes @lee_holmes
– /r/powershell @r_powershell
– PowerShell Tips @powerTip
– PowerShell.org @PSHOrg
LOTS OF RESOURCES
Resources• http://www.powershellpro.com
– Some great tutorials
• http://powershell.org
• http://technet.Microsoft.com/scriptcenter
– Repository!
• http://jdhitsolutions.com/blog
– Jeff Hicks
• PowerShell help system!
• http://www.specopssoft.com
• http://success.specopssoft.com
LOTS OF RESOURCES
ideas
• Backup-gpo
– Backup WMI filters
• Get-GPInheritance
– OS/app deploy needing to find links
• Authenticated users permissions to gp
– Get-gppermission(s)
• Site to zone mapping
– Set-gpregistryvalue
Recommended