GPO import

The settings of a backed up GPO can be imported into an existing GPO. To do this via powershell the cmdlet is: import-gpo -BackupGpoName TestGPO -TargetName TestGPO -path c:\backups In …

GPO reset default GPOs

Best practice is not to modify the default domain policies but if they are ever need to be restored back to the original state the following command can be used. …

GPO configure item-level targeting

The power of preference extension come in Item-Level targeting. This can be used to narrow the scope of which the extension applies to, for example users in a certain security …

GPO Internet Explorer settings

Internet Explorer settings can be configured in preference extensions in the control panel section of both user and computers. It displays the same dialog box as IE internet options.  

GPO power options

Printer preference extension allows for the creation, modification and deletion of local, shared, and TCP/IP printers without having to create and maintain logon scripts.  Printers can be set in either computer or …

GPO network drive mappings

Drive maps preferences extension allow for the mapping of network drives. Action has the following options create, replace, update and delete. Location: type a fully qualified UNC path for the network …

GPO printers

This extension allow for the creation, modification and deletion of local, shared and TCP/IP printers. Above is adding a shared printer. In the actions drop down there is Create, Replace, …

GPO Group Policy preferences

Group policy preference allow you to manage drive mappings, registry settings, local users and groups, services, files, and folders without the need to learn a scripting language in the familiar Group Policy …

GPO copy

GPOs can be copied, to do this with powershell the cmdlet is: Copy-GPO -SourceName “TestGpo1” -TargetName “TestGpo2” It can also be done in GPMC by right clicking the GPO and …

GPO restore

GPO can be restored by powershell with the following cmdlet Restore-GPO -Name “Default Domain Policy” -path <path to GPO backups> As well as powershell, GPMC can be used to restore. …

GPO backup

GPO can be backed up either by powershell or GUI The cmdlet for backing up GPO is  Backup-GPO -All -Path <path to GPO backup> To backup via the GUI in …

GPO Filtering administrative templates

The list of administrative templates can be filtered, to do this first right click on Administrative templates and select Filter Options. Filtering based on properties You can filter based on …

GPO custom administrative template file

Extra administrative templates can be added by: Copying the admx and adml  files to the  PolicyDefinition folder Withing GPMC’s GPO right click on Administrative Templates and click Add/Remove Templates,  this …

GPO import security templates

Security templates are .inf files that contain security settigns.  Security Templates can be imported into a GPO via the GPMC. To import a security template Expand Computer Configuration/Policies/Windows Settings/Security Settings Right click …

GPO administrative template

Group policy administrative templates are a xml based file with admx file extension. The language specific template files have the adml file extension.  In the GPMC administrative template are found in the …

GPO scripts

GPO can be used to run script at computer startup and shutdown as well as User logon and logoff. These script can be windows powershell or any Windows Script Host …

GPO folder redirection

Folder redirection allows for redirecting certain user folders, for example My Documents, to a location on a file server. Files in the redirected folder are then available to the user …

GPO Force Group Policy Update

Group policy can be updated in individual devices by running the gpupdate  /Force command. The /Force  applies all policy settings, not just those that have changed. To remotely update Group …

GPO caching

Group Policy caching was created to improve processing under certain circumstances. It allows for Group Policies to be run locally instead of downloading over the network at startup or logon. This …

GPO client-side extension (CSE)

A client-side extension run on the client computer to implement Group Policy on that computer. In GMPC settings can be modified for slow link, background processing and process the policy …

AD Service Accounts

Traditionally service accounts have been user accounts at provide authentication and authorization for applications or services running on windows servers. After creating the account in Active Directory Users and Computers, we …

GPO software installation

Group policy can be used to deploy software to computers. The steps to do this involve Create a shared folder which the users or computers can access. The msi files …

GPO slow-link processing

When a user logs into their device, it contacts the domain controller for the latest GPOs.  There are mandatory GPOs that will always be applied but some will not if …

GPO Loopback processing

In Group policy loopback processing modifies the default processing order, it is a computer setting and applies different user settings to a user logged into the computer that the GPO …

GPO WMI Filtering

Windows Management Instrumentation (WMI) filtering can be used so that a GPO only applies if certain requirements are met, for example the Operating System is of a certain version or …

GPO Security filtering

By default GPO applies to all objects within the Organizational Unit, with the Authenticated Users group applied to the GPO. To control or limit what groups, users or computers that …

GPO enforce policies

Normally GPOs are process in the link order (see GPO processing order and precedence) and if Block inheritance is enabled high up GPOs are not processed  but when a GPO …

GPO blocking of inheritance

The default processing order of GPOs (see GPO processing order and precedence) can be modified, one of the ways is the blocking of inheritance. If blocking of inheritance is set …

GPO processing order and precedence

The processing order of Group Policies effects what settings are applied to the end user or computer.  The Local computer policy is first processed and then Active Directory policies from  …