- Group Policy Powershell Scripts
- Powershell Edit Local Group Policy
- Edit Local Group Policy With Powershell Scripting
In the Group Policy Management Editor, I right-click the domain, and then click Create a GPO in this domain. This is shown in the following image. Right-clicking the newly created GPO in the Group Policy Management Console and clicking Edit opens the Group Policy Management Editor, which is shown in the following image. Because I am interested. Aug 14, 2010 Using Group Policy to Deploy a Windows PowerShell Logon Script. In the Group Policy Management Editor, I right-click the domain, and then click Create a GPO in this domain. This is shown in the following image.
Objective: I'm attempting to modify a GPO (2008R2 AD) via Powershell (v3). Specifically the value of the User Configuration -> Policies -> Windows Settings -> FileRedirection -> Documents UNC path.
Initial attempt:
Assuming I'm reading the information correctly at http://technet.microsoft.com/en-us/library/ee461027.aspx, the above Powershell snippit should restore the XML at the local folder location to the GPO in AD. [[I've confirmed that the template values ($StringToFind) do not occur within any other file in the GPOBackupFolder directory.]]
However, the changed values from the local XML files are NOT being restored to AD. I have confirmed this by doing an additional backup of the GPO after restoring it and comparing the initial (modified) backup files (which have been restored) to the post-restore backup value (now containing the /Original/ values!).
Has anyone else attempted this and/or can explain this behaviour as to why Restore-GPO would not be restoring the content of the backup files?
3 Answers
UPDATE: I found a way to directly modify the GPO's ini file on the DC.
As this solution does NOT use any API, I consider this a HACK; however, thus far it's the only solution I've encountered.
From what I've been able to glean (from my limited workings in that world) about AD Architecture & DC Replication, The SYSVOL section of the DC will be replicated to other DC's in the Forrest, same as if the changes were made via MMC. Can anyone confirm this?
Note: As far as I can tell, this script must be run locally from a DC in the same org as the GPO being affected.
I've POC'd this, and it functions properly & With any luck someone else will find this method helpful; however I'm hopeful someone finds a better way to do this.
Cheers!
JonnyGJonnyGGroup Policy Powershell Scripts
I stumbled upon this post and decided to take it on myself without doing hacks. While the content was actually in the XML file, the GPO Restore is actually looking at registry.pol instead. I was doing Machine-level policies, so it was in DomainSysvolGPOMachineregistry.pol.
Once I edited that file (which is somewhat obfuscated - see here for directions) - https://gallery.technet.microsoft.com/scriptcenter/Read-or-modify-Registrypol-778fed6e
...I was able to restore the copied GPO and have it have the correct settings.
I have 300 GPO's I need to create which all look somewhat similar, so this will save countless hours of time.