Friday, July 2, 2010

Windows Server 2008 R2 and Windows 7 Group Policy- PowerShell Support

The major change in this release of Windows that I alluded to earlier is added support for PowerShell within the Group Policy universe. Microsoft added support for running PowerShell scripts within per-machine or per-user scripts policy and provided a set of 25 PowerShell cmdlets for PowerShell 2.0 that support many of the operations you can perform within Group Policy Management Console (GPMC). Let’s look first at the new scripts policy support.

When you create a new startup script or logon script in GPE, you’ll see a new tab. You can now add PowerShell scripts to your scripts policy and control whether the scripts run before or after non-PowerShell scripts. But note that only Server 2008 R2 and Windows 7 Group Policy clients will run these new PowerShellbased script policies. They won’t work on earlier versions of Windows.

Perhaps the more interesting of the PowerShell enhancements is a set of cmdlets within a new PowerShell 2.0 module for Group Policy. These cmdlets encapsulate many of the functions found within the GPMC sample scripts that used to ship with that tool. From the PowerShell cmdlets, you can perform Group Policy–related administrative tasks such as creating new GPOs or deleting existing ones, linking GPOs to OUs or domains, and repermissioning GPOs.

Note that to use the GroupPolicy module, you must be running PowerShell 2.0 on Server 2008 R2 or Windows 7. To provide this kind of GPMC PowerShell functionality on earlier versions of Windows, I’ve written a set of GPMC PowerShell 1.0 cmdlets that you can download for free at my website (www.sdmsoftware.com/freeware).

Let’s look at an example of the kind of power these new cmdlets provide. Suppose you want to create, permission, and link a GPO within a PowerShell script. The following one-line command does all that by leveraging three of the new cmdlets and the PowerShell pipeline:

new-gpo "Marketing IT GPO" |
Set-GPPermissions -TargetName
"Marketing Users" -TargetType Group
-PermissionLevel GPOEdit | new-gplink
-order 1 -Target "OU=Marketing,
DC=cpandl,DC=com"

Source of Information : Windows IT Pro June 2010

No comments: