1
00:00:03,050 --> 00:00:03,550
Okay.

2
00:00:03,560 --> 00:00:07,280
So let's go ahead and take a spin around the PowerShell group policy module.

3
00:00:08,210 --> 00:00:10,190
I'm going to go ahead and start PowerShell.

4
00:00:10,280 --> 00:00:14,780
But when I do it, I'm going to run it as administrator because there are certain operations I'm going

5
00:00:14,780 --> 00:00:18,590
to want to perform against GPOs that are going to need my full admin permission.

6
00:00:19,460 --> 00:00:23,120
So I'm going to go ahead and do that in PowerShell.

7
00:00:23,120 --> 00:00:28,220
V4, Microsoft introduced this concept that's sort of on demand module loading where you could type

8
00:00:28,220 --> 00:00:33,170
the name of a command lit, and if the module wasn't already imported, you could it would automatically

9
00:00:33,170 --> 00:00:34,310
imported by default.

10
00:00:35,180 --> 00:00:40,490
But if you're not in that version, you can just type import module, name, group policy and the module

11
00:00:40,490 --> 00:00:41,210
gets imported.

12
00:00:42,110 --> 00:00:45,500
Now remember, I type get command module, group policy.

13
00:00:46,320 --> 00:00:51,060
And it gives me a list of the command lists and aliases that are available in this module, in this

14
00:00:51,060 --> 00:00:52,230
group policy module.

15
00:00:53,070 --> 00:00:56,400
And so the simplest one that I'm going to start with is get GPO.

16
00:00:57,240 --> 00:01:00,840
So get GPO, lets me get a reference to a group policy object.

17
00:01:01,740 --> 00:01:08,640
So I'm going to typically I'm going to use the command lit tab completion to show you some of the parameters

18
00:01:08,640 --> 00:01:09,840
that are available here.

19
00:01:10,710 --> 00:01:16,410
So I can provide a name, I can provide a grid, I can provide a domain if I want to get access to GPOs

20
00:01:16,410 --> 00:01:22,200
in different domains other than the one I'm currently in and I can tell it which server or DC I want

21
00:01:22,200 --> 00:01:25,770
to connect to to get this information so I can specify a DC.

22
00:01:26,660 --> 00:01:29,990
I can also with GPIO use the all parameter.

23
00:01:30,830 --> 00:01:37,550
And what this is going to do if I hit enter is it returns a list of all the GPOs in my domain and you'll

24
00:01:37,550 --> 00:01:45,380
see that it's got for a given GPO the display name, the domain name, the owner of the GPO, the grid

25
00:01:45,380 --> 00:01:49,370
or ID of the GPO, the status of the GPO.

26
00:01:50,150 --> 00:01:55,670
Any description which is the comment field created modified times and then the user and computer versions

27
00:01:55,670 --> 00:01:58,940
and any WMI filters that might be linked to this GPO.

28
00:01:59,750 --> 00:02:04,820
Now, if I wanted to just get information about one GPO, I could just type name and then lock down

29
00:02:04,820 --> 00:02:06,170
policy, for example.

30
00:02:07,010 --> 00:02:11,630
Or let's use the last one on the list, which is scripts policy, and I can go ahead and get scripts

31
00:02:11,630 --> 00:02:12,200
policy.

32
00:02:13,060 --> 00:02:15,220
I can also assign this to a variable.

33
00:02:16,120 --> 00:02:22,780
So if I go to GPO equals get GPO name scripts policy then now dollar GPO represents this GPO and I can

34
00:02:22,780 --> 00:02:24,100
do some modification on it.

35
00:02:24,970 --> 00:02:28,290
So for example, you see the GPO status property here.

36
00:02:28,300 --> 00:02:32,040
And remember I mentioned there is no direct conflict for modifying status.

37
00:02:32,050 --> 00:02:33,130
But what if I do this?

38
00:02:34,060 --> 00:02:40,930
So what if I said dollar, dollar, dollar, GPO, GPO status, it returns all settings enabled.

39
00:02:41,830 --> 00:02:47,350
Now I happen to know that that's an enumeration that lists or that that contains all the possible values.

40
00:02:48,250 --> 00:02:55,390
So if I were to say dollar GPO status equals zero and then go back and say dollar status, all settings

41
00:02:55,390 --> 00:02:56,440
are disabled now.

42
00:02:57,310 --> 00:03:00,430
And that's actually been changed in the GPO permanently.

43
00:03:01,270 --> 00:03:05,770
You'll see here now that the property or the status on the GPO is set to disabled.

44
00:03:06,640 --> 00:03:09,700
So I can make modifications to certain properties.

45
00:03:10,630 --> 00:03:15,010
Not all properties are modifiable, but in that one, in that particular case it was.

46
00:03:15,020 --> 00:03:19,420
So I was able to make a settings or status change to that GPO using PowerShell.

47
00:03:20,290 --> 00:03:25,960
So there's a lot of flexibility in what you get with the PowerShell command lets and I'm going to talk

48
00:03:25,960 --> 00:03:32,110
more about those and I wanted to just kind of introduce you to the module, get you familiar with some

49
00:03:32,110 --> 00:03:37,660
of the basics and the get GPO Command Let is probably the most basic one you'll start with.