Archive for the ‘Group Policies’ Category

How to know the list of GPO CSEs available in computer

While working on GPO-related stuff, I initially struggled to find a way to know the list of GPOs available on my machine. After a bit of research I found that the list is available at the registry location “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions”. I was satisfied and started looking at this location whenever I wanted to know CSE settings. But a bit later, I found this procedure a little bit difficult too and finally relied on my favorite to get this information for me. Below are the examples.

To list all CSEs installed on my machine along with their GUIDs, use the one-liner below.

PS C:\> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\*" | ft "(default)", PSChildName

The output of the above command will look something like this…

To list the properties of a given CSE (say, drive mappings), use the one-liner below.

PS C:\> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\*" | where { $_.'(default)' -like "*drive*" }

Similarly, to list the settings of the Internet Explorer Branding CSE, use the one below.

PS C:\> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\*" | where { $_.'(default)' -like "*Internet Explorer Branding*" }

Similarly, you can play with the remaining options if you have some PS knowledge. Let me know if you cannot make out any particular thing.

Happy Learning..,
Sitaram Pamarthi
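
The one-liners above show only the name and GUID of each CSE. As an added example (not part of the original post), the function below also reports the DLL that each CSE loads and its Authenticode signature status, which is useful when auditing what runs during Group Policy processing. The function name `Get-GpoCseInventory` is hypothetical, and resolving a bare `DllName` to System32 is an assumption.

```powershell
# Added example: inventory Group Policy client-side extensions (CSEs).
# Assumptions: run locally on Windows with PowerShell 3.0 or later;
# the function name is hypothetical.
function Get-GpoCseInventory {
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions'
    Get-ChildItem -Path $base | ForEach-Object {
        $p   = Get-ItemProperty -Path $_.PSPath
        $dll = $p.DllName
        if ($dll) {
            # DllName may contain %SystemRoot% or be a bare file name.
            $dll = [Environment]::ExpandEnvironmentVariables($dll)
            if (-not [IO.Path]::IsPathRooted($dll)) {
                # Assumption: a bare file name refers to a DLL in System32.
                $dll = Join-Path $env:SystemRoot "System32\$dll"
            }
        }
        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) {
            (Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            'FileNotFound'
        }
        [pscustomobject]@{
            Guid            = $_.PSChildName      # CSE GUID (registry key name)
            Name            = $p.'(default)'      # friendly name, may be empty
            DllPath         = $dll
            Signature       = $sig
            NoMachinePolicy = [bool]$p.NoMachinePolicy
            NoUserPolicy    = [bool]$p.NoUserPolicy
        }
    }
}

Get-GpoCseInventory | Sort-Object Name | Format-Table -AutoSize
```

An entry whose DLL sits outside the Windows directory, is missing, or has a signature status other than `Valid` is worth a closer look rather than proof of a problem.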

Resolve GPO GUID to GPO name

December 22, 2009

“I have a GPO GUID and want to know which GPO it belongs to.” If that is your question, you can use the method below. For this you need the “support tools” of Windows 2003. You can get them from the Microsoft web site. Alternatively, you can copy search.vbs from any machine where the support tools package is installed.

cscript /nologo search.vbs "LDAP://dc=mydomain,dc=com" /C:"&(objectClass=groupPolicyContainer)(name={31B2F340-016D-11D2-945F-00C04FB984F9})" /P:displayName /S:SubTree

You can find other alternative ways at http://support.microsoft.com/kb/216359
Happy Learning..,
Sitaram Pamarthi
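
The same lookup can be done without the support tools. The function below is an added example (not part of the original post) that runs the same `groupPolicyContainer` query through `[adsisearcher]` and parses the input as a GUID before it reaches the LDAP filter. The function name `Resolve-GpoGuid` is hypothetical, and it assumes a domain-joined machine with read access to the domain.

```powershell
# Added example: resolve GPO GUIDs to display names via LDAP.
# Assumptions: domain-joined machine, PowerShell 3.0 or later;
# the function name is hypothetical.
function Resolve-GpoGuid {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Guid
    )
    process {
        # Parse first: anything that is not a GUID is rejected, so no stray
        # characters end up in the LDAP filter. Braces are optional on input.
        $parsed = [guid]::Empty
        if (-not [guid]::TryParse($Guid, [ref]$parsed)) {
            Write-Warning "Not a GUID: $Guid"
            return
        }
        $name = $parsed.ToString('B').ToUpper()   # {XXXXXXXX-XXXX-...} form

        # Default search root is the current domain.
        $searcher = [adsisearcher]"(&(objectClass=groupPolicyContainer)(name=$name))"
        $searcher.SearchScope = 'Subtree'
        'displayName', 'gPCFileSysPath' | ForEach-Object {
            [void]$searcher.PropertiesToLoad.Add($_)
        }
        $hit = $searcher.FindOne()

        [pscustomobject]@{
            Guid        = $name
            DisplayName = if ($hit) { $hit.Properties['displayname'][0] } else { $null }
            SysvolPath  = if ($hit) { $hit.Properties['gpcfilesyspath'][0] } else { $null }
        }
    }
}

# The GUID from the search.vbs example above, with and without braces.
'{31B2F340-016D-11D2-945F-00C04FB984F9}', '31b2f340-016d-11d2-945f-00c04fb984f9' |
    Resolve-GpoGuid
```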


Implement Group Policy Preferences in Windows 2003 environment.

It’s a four-step process! You can refer to my previous article if you want to understand GPPs. In this post, I will take you through the practical steps required for implementing Group Policy Preferences in a Windows 2003 domain-based environment. I am not going to talk about configuring any granular settings in GPPs, but I will give you an idea about introducing GPP infrastructure into your environment.
Step-1: Install Group Policy Preference client side extensions (CSE) & XMLLite
GPP CSE: You need to deploy the GPP CSE package to all computers which are running at least Windows XP SP2/Windows 2003 SP1. This is to make your legacy operating systems understand the new GPP settings. Below are the download locations for GPP CSEs for different OS versions.
Similarly, you need to install the XMLLite low-level parser on computers which are running at least Windows XP SP2 or Windows 2003 SP1. Download location is available here.
Step-2: Install a Windows Vista/Windows 7 Computer into your domain.
Configuration of GPPs is only possible through GPMC installed on a Windows Vista/Windows 7 computer. Install one of these operating systems on one computer in your network and add it to your domain.
Step-3: Install Remote Server Administration Tool kit
Based on the OS version (Vista/Windows 7) you have installed, download the appropriate RSAT and install it. After the installation, you need to enable the GPMC feature.
RSAT download links:
Follow the steps below to enable GPMC:
a) Go to Control Panel.
b) Switch the view to “small icons” and select the “program and features” option from Control Panel. This opens the window below.
c) Select the “Turn Features On or Off” option from the above screen and you will be presented with a window to select the features.
d) Navigate to the “Remote Server Administration Tools” node, select the “Group Policy Management Tools” check box as shown below, and click OK.
e) This completes configuring the features.
Step-4: Start Configuring GPPs
Now we are done with setup. Go to Start -> Run and type “gpmc.msc” on the Windows 7/Vista machine to bring up the GPMC management console. Now create a new GPO for the desired OU and click on Edit. The GPO editor will now contain two sections, “Policies” and “Preferences”, under User and Computer settings. Needless to say, GPP settings are configured from the “Preferences” section.

What is GPP(Group Policy Preferences)

November 20, 2009
GPP is a new technology introduced with Windows Server 2008 to make the life of administrators much easier. There is a wide variety of settings available in GPPs which help you manage your systems effectively.
Using GPPs you can administer the following components of the operating system. You can manage both user-based and computer-based settings from GPPs. The list below shows the settings available in GPPs. A setting can be applied to a computer, to a user, or to both, depending on the setting.
  • Applications (User-based)
  • Drive Mapping (User-based)
  • Environment Variables (User-based and computer-based)
  • Files (User-based and computer-based)
  • Folders (User-based and computer-based)
  • Ini Files (User-based and computer-based)
  • Registry (User-based and computer-based)
  • Shortcuts (User-based and computer-based)
  • Network Shares (Computer-Based)
  • DataSources (User-based and computer-based)
  • Devices (User-based and computer-based)
  • Folder Options (User-based and computer-based)
  • Internet Settings (User-Based)
  • Local Users and Groups (User-based and computer-based)
  • Network Options (User-based and computer-based)
  • Power Options (User-based and computer-based)
  • Printers (User-based and computer-based)
  • Regional Options (User-based)
  • Scheduled Tasks (User-based and computer-based)
  • Start Menu (User-Based)
  • Services (Computer-Based)
If no targets are applied, all the computers/users under this policy will get these settings. If you want to restrict this policy to specific users/computers inside the OU, then you need to use targeting. There are 25 targeting options available which can be used alone or in conjunction with other items. Some of the interesting targets are battery present, computer name, disk space, IP address range, LDAP query, OU, Regkey match, security group, site name, user name and WMI query.
Some of the uses of GPPs are…
  • You can restrict the desktops’ local administrators group membership. If anyone adds their account to local admins, it will be taken off during the next GPO processing due to the GPP setting.
  • You can execute scripts and commands in user context at scheduled times.
  • Control power options on laptops/desktops
  • Easily deploy files to desktops based on user and computer
  • Push shortcuts to users/desktops
  • And GPPs can definitely replace some of the settings which are being handled by your computer/user login scripts now. Using GPPs for these settings takes considerably less time than using scripts.
Compatibility…
I am sure many users will look for this information after going through the exciting GPP features. Though this feature was released with Windows 2008 server, you can happily use GPPs in your existing Windows Server 2003 domain which has XP clients. The only thing you need to do is deploy the GPP client side extensions package from Microsoft. The latest buddies like Windows Vista, Windows 7, and Windows 2008 server come with this CSE by default.
You can read more details about this from the sources below…
Happy Learning…,
Sitaram Pamarthi