10 ready-to-implement PowerShell scripts to make AD management easy!

Active Directory Policies

Group Policy Management Console (GPMC) – Part II

In part I  of Group Policy Management Console (GPMC), we introduced the GPMC MMC snap-in, its functionalities and also looked at how to perform a few basic tasks. In this part, we will look at some of the other tasks that can be executed from the console.

Linking a GPO

  • In the GPMC, locate the domain or OU to which the GPO is to be linked and right click.
  • To link an existing GPO, select the option Link an Existing GPO. In the Select GPO dialog box that appears, select the GPO that is to be linked and click OK.
  • To link a new GPO, select the option Create a GPO in this domain, and link it here. Give a suitable name and click OK.

 Disabling a GPO link

  • In the GPMC, locate the GPO link which is to be disabled.
  • Right click the GPO link and click Link Enabled. A check mark indicates that the link is enabled and the absence of it indicates that the link is disabled.

Managing GPO Backups

  • In the GPMC, expand the Group Policy Objects node that contains the GPO that has to be back ed-up. Right click the GPO, and then click Back Up.
  • To back up all GPOs in the domain, right click the Group Policy Objects node, and then click Back Up All.
  • In the Back Up Group Policy Object dialog box, specify the path to the folder where the backed up versions of the GPOs will reside. Click Back Up.
  • Finally click OK.

Restoring a GPO

  • In the GPMC, expand the Group Policy Objects container. Right click the GPO and then click Manage Backups.
  • In the Manage Backups dialog box that appears, specify the path to locate the backup folder.
  • From the list Backed up GPOs, select the GPO that needs to be restored, and click Restore.
  • Confirm by clicking OK.
  • Finally click OK and then Close.

Importing settings from a GPO

  • In the GPMC, expand the Group Policy Objects node. Right click the GPO and then click Import Settings. The Import Settings Wizard opens.
  • Click Next to continue.
  • Backup the existing settings in the GPO by clicking Backup. Then click Next.
  • Specify the path to the backup folder from which the settings are to be imported. Click Next.
  • Select the GPO from which the settings are to be imported. Click Next.
  • The wizard will automatically scan the settings in the backup to check for references needed. After the scan completes, click Next.
  • Under Migrating References, select the method for transferring references. Click Next.
  • Finally click Finish to close the wizard.

Group Policy Modeling

Group Policy Modeling can simulate the policy implementation environment and can help administrators get a sense of how the GPOs affect different users and computers, thus helping them to plan before actually applying the policies.

The following steps illustrate how to work with the Group Policy Modeling Wizard:

  • In the left pane of the GPMC, click on the forest to expand it.
  • Right click the Group Policy Modeling container and click on the Group Policy Modeling Wizard option.
  • In the Group Policy Modeling Wizard that is launched, click Next.
  • Specify the domain where the GPO is to be analyzed and click Next.
  • Specify the user and computer against which the policy settings are to be simulated. Click Next.
  • In the page that follows, select a particular site if required, else skip to the final page and click Next.
  • In the page that follows, specify an alternate network location if required, else skip to the final page and click Next. An alternate location can help administrators see the effects of the GPOs if the computer were to be moved to a different container in the AD.
  • In the page that follows, use the Add/Remove options to simulate changes to all the security groups that the selected user is a member of if required, else skip to the final page and click Next.
  • In the page that follows, include the WMI filters in the simulation if required, else skip to the final page and click Next.
  • In the page that follows, a summary of all selections made in the wizard is displayed. To process the simulation click Next.
  • Finally, click Finish to close the wizard.

This action creates a  folder that can be seen in the left pane of the GPMC that bears the name of the user/computer that is tested. Open it to display the outcome of the simulation. These reports give information about the properties and policy settings of GPOs and how the implementation of group policy modeling proceeded/succeeded. The Summary tab gives information about the GPOs that were used to compile the policy. The Settings tab lists the effective policy settings. The Query tab displays the criteria based on which the simulation was carried out.


People also read

Managing GPOs with Group Policy Management Console

Fine-Grained Password Policy: A Step-by-Step Configuration Guide

Managing GPOs in Active Directory

Related posts
Active Directory Policies

Block windows app installation with elevated privileges using GPO

Active Directory Policies

GPO to prevent regular users from changing MSI installation options

Active Directory Policies

GPO to prevent autoplay on non-volume devices

Active Directory Policies

Prevent remote logon for local accounts with blank password - GPO

×

There are over 8,500 people who are getting towards perfection in Active Directory, IT Management & Cyber security through our insights from Identitude.

Wanna be a part of our bimonthly curation of IAM knowledge?

  • -Select-
  • By clicking 'Become an insider', you agree to processing of personal data according to the Privacy Policy.