"The Group Policy Experts"

 

 

 
Evaluate the GPExpert™ Scripting Toolkit for PowerShell from SDM Software. Finally, the ability to script Group Policy settings within local and domain-based GPOs! Register to evaluate the product at SDM Software.

    

Free PowerShell Cmdlets for Group Policy

NEW! 12 PowerShell cmdlets for GPMC--builds on what we have here with the following:

Add-SDMgplink: Links a GPO to a particular AD container (site,domain or OU)
Get-SDMgplink: Retrieves a list of linked GPOs from a particular AD container
Remove-SDMgplink: Removes a GPO link from a given AD container
Export-SDMgpo: Backs up a GPO to a given folder path
Get-SDMgpo: Retrieves information about one or all GPOs in a domain
New-SDMgpo: Creates a new GPO in a domain
Remove-SDMgpo: Deletes an existing GPO from a domain
Restore-SDMgpo: Restores a GPO from backup
Get-SDMgpoBackups: Retrieves the list of all backed-up GPOs (or a given GPO) from a given folder path
Add-SDMgpoSecurity: Adds a GP permission (ACE) for a given group to a given GPO
Get-SDMgpoSecurity: Retrieves a list of GP permissions from a given GPO
Remove-SDMgpoSecurity: Removes a particular permission for a given group from a given GPO.

You can download these at the SDM Software Freeware site

 

Here are two of the cmdlets we have on this site:

get-SDMGPO --gets information about GPOs

new-SDMGPO --creates new GPOs

 

get-SDMgpo 1.0: This cmdlet lets you retrieve information about GPOs in an AD domain. You can either enter a particular GPO name (e.g. "Default Domain Policy") or enter * to get a list of all GPOs in a domain. The following screen shot shows me listing the properties on the WSUS Test GPO.

Since PowerShell is all about objects, you can pipe the output of this cmdlet to any other cmdlet that lets you manipulate format or related information.

Installation Instructions:

  1. First off, you will need GPMC installed on the system where you run these cmdlets. The cmdlets rely on GPMC.
  2. Copy the files in the zip file to a folder where you keep your PowerShell cmdlets.
  3. Run PowerShell (if you are on Vista you will need to run PowerShell as administrator to complete this installation step).
  4. When PowerShell is started, change directories to the folder where you installed the cmdlet DLLs.
  5. Issue the following command to get easy access to the installation utility:

        set-alias installutil $env:windir\Microsoft.NET\Framework\v2.0.50727\installutil

  1. Next, type installutil get-SDMgpo.dll. This will register the get-SDMgpo cmdlet.
  2. To verify that the cmdlet registered correctly, type get-pssnapin -registered. You should see the get-SDMgpo cmdlet
  3. Finally, type add-pssnapin get-SDMgpo

    At this point, you should be able to type get-SDMgpo *  and get a full listing of all GPOs in your domain. Keep in mind that you have to run this cmdlet from a machine that is a member of an AD domain, otherwise it won't be able to detect the domain. (Maybe a future version will let you specify domain!)

If you have any feedback or questions on this cmdlet, just email us!

What Else Can you Do with this Cmdlet?

Well, because everything in Powershell is an object, the get-SDMGPO cmdlet is no exception. The cmdlet uses GPMC to do its work, and the resulting output is a GPMC object called GPMGPO. GPMGPO has a number of methods and properties you can call on it. For example, if you want to create a GP Settings report on a GPO you call from the cmdlet, you can do this in PowerShell:

$a=get-sdmgpo “Default Domain Policy”

$a.GenerateReportToFile(1,”c:\reports\ddp.html”)

Using a 0 instead of a 1 in the 1st parameter would output the GPO as XML rather than HTML. The 2nd parameter is the path to the HTML (or XML) file you want to create.

Or, if you want to backup a GPO using the cmdlet, you can do it in two lines as such:

 $a=get-sdmgpo “Default Domain Policy”

$a.Backup("c:\gpbackups","Backup of Default Domain Policy on 6/10/07")

Where "c:\gpbackups" is the location where the backup will be stored and the 2nd parameter is a comment attached to the backup.

You can also delete a GPO simply by calling the delete method as here:

 $a=get-sdmgpo “My GPO”

$a.delete()

 Finally, you can do things like enable and disable the user and computer side of a GPO. For example, to disable the computer side of a GPO, you can do:

$a=get-sdmgpo “My GPO”

$a.SetComputerEnabled(0)

Where 0 is false and 1 is true. The same holds true for the SetUserEnabled() method.

To see additional methods available on this cmdlet, you can check out the GPMC's help file and look for the IGPMGPO interface in the reference there.

 

new-SDMGPO 1.0 : This cmdlet lets you create new GPOs in the AD domain of your choice, as shown in the screenshot below.

Download the File

Installation Instructions:

  1. First off, you will need GPMC installed on the system where you run these cmdlets. The cmdlets rely on GPMC.
  2. Copy the three files in the zip file to a folder where you keep your PowerShell cmdlets.
  3. Run PowerShell (if you are on Vista you will need to run PowerShell as administrator to complete this installation step).
  4. When PowerShell is started, change directories to the folder where you installed the cmdlet DLLs.
  5. Issue the following command to get easy access to the installation utility:

        set-alias installutil $env:windir\Microsoft.NET\Framework\v2.0.50727\installutil

  1. Next, type installutil new-SDMgpo.dll. This will register the new-SDMgpo cmdlet.
  2. To verify that the cmdlet registered correctly, type get-pssnapin -registered. You should see the new-SDMgpo cmdlet
  3. Finally, type add-pssnapin new-SDMgpo

    To get help on the syntax for this cmdlet, just type get-help new-sdmgpo at a Powershell prompt.

If you have any feedback or questions on this cmdlet, just email us!

 

 

Copyright © 2006 GPOGUY.COM
Last modified: 06/11/07