POWERSHELL AND

GROUPPOLICYDiscovering your options

Welcome

• Kevin Sullivan

– kevin.Sullivan@specopssoft.com

– @kevsully67

• Director of Sales Engineering

• Recovering GP MVP, Musician

• Previously Principal Program Manager at Microsoft

• Technology lover – geek dad

WHOAMI

Stream of Consciousness

LET IT FLOW

Agenda – all in the context of Group Policy

• Introduction – PowerShell basics and Group Policy

• Discovering– How do you find what is there?

• Exploring– Navigating around, flying blind

• Learning– Getting help

• Applying– Getting stuff done

LETS GIVE ‘EM SOMETHING TO TALK ABOUT

Introduction

• Getting started with PowerShell - refresher

• Great tools– ISE, Console

– PowerShell Studio

– SDM cmdlets

– More…

• Great resources– Script Center

• Great community– PowerShell.org

– Bingle PowerShell

WHY ARE WE HERE?

Discovering

• Commands

• Modules

• PSSnapIns

• Get-Command

• Get-Help

• Wildcards

HOW TO START?

Exploring

• Get-Command

• Pipe to Measure-Object

– Get-Command |measure-object

• -Verb

• Get-Command –Module GroupPolicy

• Get-Help – ‘Too soon?’

I FOUND A PLACE TO START, NOW WHAT?

Exploring Group Policy

• Group Policy tasks

– Create GPO

– Link GPO

– Delegate GPO

– Backup GPO

• Get-Command

• Measure-Object

STREAM OF CONSCIOUSNESS

New-GPO, Get-GPO

• Get-help Get-GPO

– Full

– Examples

– ShowWindow

• Filter output

– Where-Object

• Get-help New-GPO

FROM SCRATCH

New-GPLink, Set-GPLink

• New-GPLink

– GPO

– OU

• Set-GPLink

– Enabled

– Enforced

– Order

NOW WHAT?

Get-GPInheritance

• Prompt

• Mandatory Parameters

• Command Pane/command window

• Show-Command

• Expose buried data

WHO IS AFFECTED?

Get-GPPermissions, Set-GPPermissions

• GP Delegation Primer

• Parameter sets

• Custom Delegation

TARGET THE RIGHT PEOPLE

Backup-GPO(s), Restore

• Have directory for backups

• Store all backups together

• Locating backups by name, GUID etc.

– All referenced in manifest.xml

• Restore by…

– BackupID

– GUID

– Name

SAVE YOUR WORK!

TROUBLESHOOTING GPEvents

GP Start/Stop Events

• Event ‘bookends’– Computer Start

• Start Event = 4000

• End Event = 6000 (warning), 7000 (error) or 8000 (Success)

– User Logon

• Start Event = 4001

• End Event = 6001, 7001, 8001

– Computer Manual Refresh

• Start Event = 4004

• End Event = 6004, 7004, 8004

GP EVENTS

Get-WinEvent, Get-EventLog

• Troubleshooting GP– GP LogView

– ActivityIDs

– SDM Software

• Find Group Policy Events

• Find Activity ID– Activity ID is a GUID that correlates all events fired during

a single GP Processing Cycle

– Get-WinEvent “Microsoft-Windows-

GroupPolicy/Operational” –FilterXPath

“Event[System/EventID=‘4000’]”

WHAT HAPPENED DURING GPUPDATE?

Command History

• Get-History

• Invoke-History

• Clear-History

• Add-History

WHAT HAVE I DONE?

Get-GPResultantSetOfPolicy

• HTML / XML

• GP Refresh

• GP Health

• Online content

• Lots of fun!

Wrap-up

• Questions

• Next month?

• Send feedback

• kevin.sullivan@specopssoft.com

WHAT DOES THE FUTURE BRING?

SDM Software

• Darren Mar-Elia – GPOGuy

– GP MVP

• Free GP cmdlets

– Fill some gaps in native MS cmdlets

• Blog

– Http://sdmsoftware.com/group-policy-blog

WHATS NEXT?

Helpful Stuff

• GP Events - http://technet.microsoft.com/en-us/library/cc749336(v=WS.10).aspx

• SDM Software – http://sdmsoftware.com

– Darren Mar-Elia GP MVP

• GP PowerShell cmdlets -http://technet.microsoft.com/en-us/library/ee461027.aspx

RESOURCES

Resources• Learn PowerShell in a Month of Lunches – Don Jones

@concentrateddon, Jeffery Hicks @jeffHicks

• Learn PowerShell Tool Making in a Month of Lunches –Don Jones, Jeffery Hicks

• Follow– Jeffery Snover @jsnover

– MSFT Scripting Guys @scriptingGuys

– June Blender @juneb_get_help

– Lee Holmes @lee_holmes

– /r/powershell @r_powershell

– PowerShell Tips @powerTip

– PowerShell.org @PSHOrg

LOTS OF RESOURCES

Resources• http://www.powershellpro.com

– Some great tutorials

• http://powershell.org

• http://technet.Microsoft.com/scriptcenter

– Repository!

• http://jdhitsolutions.com/blog

– Jeff Hicks

• PowerShell help system!

• http://www.specopssoft.com

• http://success.specopssoft.com

LOTS OF RESOURCES

ideas

• Backup-gpo

– Backup WMI filters

• Get-GPInheritance

– OS/app deploy needing to find links

• Authenticated users permissions to gp

– Get-gppermission(s)

• Site to zone mapping

– Set-gpregistryvalue