"The Group Policy Experts"

 

 

Home
FAQs & Whitepapers
FREE Tools & Scripts
Books & Articles
Consulting Services
Video Training
Vendor Resources
Mailing Lists
Group Policy Blog
Search
About this Site
Contact GPO Guy

 

 

Like the power of Group Policy but not the complexity? SDM Software has the solution! Desktop Policy Manager is our new web-based product for simplifying desktop configuration management using Group Policy! Evaluate it today!

 

FREE Tools & Scripts

DISCLAIMER: Everything posted here is offered as is. By downloading it, you accept full responsibility for testing to ensure it does not cause any problems in your own environment. There is no warranty on any of the code or files on this page, so it's up to you to make sure it's safe for your environment. Please don't repost or re-use the tools or content elsewhere unless you get prior approval from the author (all GPOGuy tools are written by me unless otherwise noted). Many of the files on this page are offered as freeware (unless otherwise noted by the author), and as such should not be sold by anyone else.

 

 

Want to be notified when there's a new free GPOGUY or SDM SOFTWARE tool or an update to an existing one? Just click here to send an email to sign up to be notified.  I promise I won't sell your email or spam you for anything else other than GPOGUY & SDM SOFTWARE tool and products!

 

Subscribe to  updates of GPOGUY.COM

 

       GPOGUY Tools

Note: If you are trying to run my utilities from a network share, you are likely to get .Net security exceptions, because the default .Net security policy will not trust apps running from a network share. As a result, you can modify the default .Net Code Access Security policy on the machine where you're running the app from to ensure that it works as expected. Thanks to Tyson Flint for providing the steps below:

  1. Open the Control Panel

  2. Open Administrative tools

  3. Open Microsoft .Net Framework 1.1 (or 2.0) Wizard

  4. Click Adjust .Net Security

  5. Click Next

  6. Select Local Intranet

  7. Change the level of trust to Full

  8. Click Next

  9. Click Finish

 

 

       3rd Party GP-related Tools

GPOGUY Tools

Local GPO Disable Script

This .vbs script will disable the local GPO on a given pre-Vista system (Vista comes with an Admin. Template policy to do this). On Win2K, XP and 2003, there is no centralized way to disable the Local GPO. You can use this script in a Group Policy Startup Script to accomplish the task. Note that because this script edits a protected file on the local system, a normal user account will not be able to successfully run this, so you won't be able to deliver it as a logon script. That is why I recommend running it as a startup script.

AD,DNS, FRS, DFS-R,Forwarded Events, Hardware Events Event Log Settings ADM Template

Updated 28/12/06 by Jorge de Almeida Pinto [MVP-DS] (http://blogs.dirteam.com/blogs/jorge/default.aspx) to add configuration for DFS Replication, Forwarded Events and Hardware Events logs found in Windows 2003 R2

This is a custom .ADM file that exposes the log size and retention method options for the "non-standard" event logs found on Active Directory Domain Controllers. Specifically, with this policy you can set maximum size and retention method for the AD, DNS and FRS event logs. When loaded into a GPO, these ADM options appear as preferences under Computer Configuration\Administrative Templates\System\Event Log (see Figure below). NOTE: In order to see these policies in the GPO editor, you have to set the Filter that says you want to view "unmanaged" policies.

 

GPO Editor Clipboard Utility

UPDATED!!!! Well, Chuck has come through again and now this utility will copy the entire policy path into the clipboard, from the actual policy item on up! Just as before, select the policy item in the right-hand result pane then hold down CTRL-SHIFT and right mouse click. The whole policy path will be copy to the clipboard. Cool!

This is a handy little MMC namespace extension DLL written for me by one of the smartest guys I know--Chuck McDonald. Chuck can do pretty much anything with code. One thing I've always been frustrated about in the GPO Editor tool is the inability to copy the path that you're currently selected on to the clipboard. This is handy for documenting GPO changes and describing to others where to find a particular policy. If you download this ZIP file, copy the DLL to somewhere on your machine and register it using regsvr32 gpoguycopynodepath.dll. Now, you can't use it with pre-created GPO .msc files, like those found in the Administrative Tools folder or gpedit.msc, but if you create your own MSC, it works just great. The way it works is, while highlighting a particular path in the left-hand scope pane of a GPO editor tool, press the CTRL and SHIFT keys, then right mouse-click on the node you're selected on. The full path within the GPO will be copied to the clipboard. For example, if I've highlighted Computer Configuration|Windows Settings|Security Settings|Local Policies|User Rights Assignment, then that full path will be copied to the clipboard by pressing CTRL-SHIFT-Right Mouse. Simple! Currently the tool doesn't capture actual policy items in the right-hand results pane, but that was my next request to Chuck so stay tuned.

 

GP Time Utility (This tool works for XP and Server 2003 only--Win2K not supported)

 NOTE: You need the .Net Framework 1.1 installed on the machine where you run this utility from. This handy little utility is designed to quickly and succintly report the last time computer and user Group Policy was run on a local or remote system. If there has been more than one user logged onto the system, the tool will report GP processing times for all users found. The tool provides the start and stop times for the last processing cycle as well as total elapsed time, which can be handy to see if a set of GPOs are taking too long to process. The output looks like that shown in the Figure below:

The Figure above show the tool running against the local machine. If you want to check a remote machine, simply supply the machine name after the command like this:

gptime workstation1

3rd Party GP-related Tools

SpecOps GPUpdate

The SpecOps guys in Sweden have released a very cool free add-on to AD Users and Computers that let's you graphically and remotely refresh Group Policy on remote nodes as a right-click option in the UI. Its also let's you do a refresh across multiple machines and provides a cool graphical progress bar. Not bad for a free tool!

SysProSoft GP-related Utilities

Alan Cuthbertson over at SysProSoft down in Oz has some cool utilities that I wanted to point out. The latest is a neat parser for Userenv.log files, called Policy Reporter. He's also got a nifty ADM Template Editor to help simplify the process of creating ADM templates. Finally, He's got some GP Management software, called PolMan, with some nifty reporting and troubleshooting features.

RegtoADM

This is part of a set of utilities called NUTS. And can be downloaded at http://yizhar.mvps.org/

RegtoADM takes as input standard .reg registry files and creates custom ADM templates from them that can be edited to your liking. Pretty cool.

ADM to Excel tool

This cool little executable from a member of Microsoft's Dutch DPE Group lets you read an ADM file, and it converts the contents to an Excel spreadsheet. It also appears to read whether the settings in ADM file have been set on the machine where the tool is run--documenting which policies have been implemented. Pretty cool! Get it here!

 

 

Home ] FAQs & Whitepapers ] [ FREE Tools & Scripts ] Books & Articles ] Consulting Services ] Video Training ] Vendor Resources ] Mailing Lists ] Group Policy Blog ] Search ] About this Site ] Contact GPO Guy ]

Copyright © 2006 GPOGUY.COM
Last modified: 06/11/07