Group Policy

Script to modify the defaultSecurityDescriptor attribute on the Group-Policy-Container schema class object

June 29, 2016

Last week I published an article about the changes in the behavior of Group Policy processing after the deployment of security update MS16-072 under KB3163622. It included a script to assist with the remediation of Group Policy permissions: Script to report on and remediate the Group Policy security change in MS16-072. Of course that’s not where it […]

Script to report on and remediate the Group Policy security change in MS16-072

June 22, 2016

On June 14th 2016 Microsoft released security update MS16-072 under KB3163622 that changes the behavior of Group Policy processing so that user group policies are now retrieved by using the machine’s security context instead of the user’s security context. This is a by-design behavior change from Microsoft to protect computers from a security vulnerability. Update 23/06/2016: Microsoft […]

Script to Create, Import and Export Group Policy WMI Filters

June 9, 2014

This PowerShell script will Create, Import and Export Group Policy WMI Filters. I wrote this script to cover a number of different scenarios: To create a default set of GPO WMI Filters for new builds. To document existing WMI filters for health checks and audits. To provide a mechanism to migrate WMI filters between Dev, […]

Script to Generate a Group Policy Object (GPO) Version Report

May 23, 2014

Is there a version match between your Group Policy Object (GPO) containers and templates? This PowerShell script will check that the version of each GPO is consistent in the Active Directory Group Policy Container (GPC) and on each Domain Controller in the Group Policy Template (GPT). All Windows Operating Systems (since Windows 2000) will apply the GPO […]

Active Directory Health Check, Audit and Remediation Scripts

May 15, 2014

I’ve been doing Active Directory work for many years and as such have a library of hundreds of scripts to assist with health checks, audits, and remediation tasks that I would like to share with the community. But it’s not just a case of providing a script that creates a CSV or screen output, etc, […]

Script to Create the ADMX Central Store

February 25, 2014

I find it amazing how many Active Directory environments I review that do not have an ADMX Central Store set up. It’s been a best practice since the release of Windows Vista/2008 some 7 years ago now. What I find is that there tends to be ADMX sprawl across management servers and even the workstations […]

An improved and enhanced version of the famous LaunchApp.wsf

September 3, 2012

Have you ever wondered why your logon script fails to map network drives when an Administrative user logs onto a computer with User Account Control (UAC) enabled; even though the drive mapping process completes successfully? To understand this you need to read the section from “Group Policy Scripts can fail due to User Account Control” […]

Finding Orphaned Group Policy Objects

September 3, 2012

Group Policy Objects (GPOs) are stored in two parts: GPC (Group Policy Container). The GPC is where the GPO stores all the AD-related configuration under the CN=Policies,CN=System,DC=… container, which is replicated via AD replication. GPT (Group Policy Templates). The GPT is where the GPO stores the actual settings located within the SYSVOL area under the Policies folder, which […]

Using a Group Policy WMI filter to test for a registry value

May 10, 2009

I wanted a clean and simple way to prevent group policies applying during an automated build process. This is because it can potentially cause some of the components of the build process to fail. One of the last tasks to run on all servers built using my unattended build method will stamp the registry with […]

Scripting updates to the GPT.ini for the Local Group Policy

August 26, 2008

Updated on 27th October 2010. I came across a challenge whilst working on a big XenApp deployment in a Novell environment. I needed to make changes to the Local Group Policy Object on all Terminal / Citrix servers. This was specifically required for implementation of a logoff script, as logoff scripts are not supported via […]
