1 00:00:03,060 --> 00:00:07,800 So let's look at some basic management tasks that can be accomplished with PowerShell. 2 00:00:08,670 --> 00:00:13,470 So let's start with creating, renaming and deleting and also counting GPOs. 3 00:00:14,370 --> 00:00:17,150 So to create a GPO, it's really simple. 4 00:00:17,160 --> 00:00:19,710 You just type new GPO, give it a name and you're good. 5 00:00:20,580 --> 00:00:26,370 Now for renaming a GPO, you just use the renamed GPO can let you give it the existing name using the 6 00:00:26,370 --> 00:00:30,060 name parameter and the target name, meaning the name you want to rename it to. 7 00:00:30,870 --> 00:00:35,340 In this case, marketing lock down policy and you're good to go. 8 00:00:35,370 --> 00:00:36,420 It makes the change. 9 00:00:37,320 --> 00:00:41,460 I also want to note that the GPIO names in this case are not case sensitive. 10 00:00:41,490 --> 00:00:46,530 So you can use lower or upper or any combination as long as it matches the case in sensitive name value. 11 00:00:46,560 --> 00:00:47,400 You're good to go. 12 00:00:48,240 --> 00:00:52,080 So don't worry about either GPO name, case or even parameter case. 13 00:00:52,950 --> 00:00:58,410 I, I try to capitalized my parameters here, but I haven't done it universally and it actually doesn't 14 00:00:58,410 --> 00:00:59,850 affect the behavior one bit. 15 00:01:00,750 --> 00:01:05,550 So to delete a GPO, you just call the remove GPO, complete with the name of the GPO. 16 00:01:06,360 --> 00:01:11,760 And then finally, if I wanted to get a count of all GPOs in my domain, I can simply type get GPO, 17 00:01:11,760 --> 00:01:18,840 I'll put that in parentheses, and that acts as an an expression and then get the count property on 18 00:01:18,840 --> 00:01:19,740 the result of that. 19 00:01:20,610 --> 00:01:24,990 So what that's telling the Collette to do is go get all the GPOs and I don't really need to see that 20 00:01:24,990 --> 00:01:27,030 big display of each GPO in detail. 21 00:01:27,870 --> 00:01:29,790 I just need to know how many there are. 22 00:01:30,680 --> 00:01:35,570 And that works just fine and gets you quickly gets you to account for all GPOs in the domain. 23 00:01:36,410 --> 00:01:42,190 Now to modify permissions or delegation on a GPO, it's a little more complicated, but not too bad 24 00:01:43,040 --> 00:01:44,440 to retrieve the permissions. 25 00:01:44,450 --> 00:01:49,070 You can just type, get permission, give it the name of the GPO. 26 00:01:49,880 --> 00:01:54,170 And if there's a particular permission you're interested in, you would have to use the target name, 27 00:01:54,260 --> 00:01:57,680 which is the group or username that you're interested in the permission on. 28 00:01:58,490 --> 00:02:00,440 Or you can use the all parameter. 29 00:02:01,330 --> 00:02:04,120 It will return all the permissions on the GPO. 30 00:02:04,900 --> 00:02:10,770 If I wanted to say add the sales admins group with edit rights to a particular GPO, I can use set GP 31 00:02:10,780 --> 00:02:11,320 permission. 32 00:02:12,200 --> 00:02:15,860 I used the name parameter to specify the GPO I'm interested in. 33 00:02:16,730 --> 00:02:22,010 I set the permission level, which is a parameter that has a number of possible values, in this case 34 00:02:22,010 --> 00:02:22,970 a GPO edit. 35 00:02:23,840 --> 00:02:28,400 The target name is the group that I'm interested in, and the target type is the thing that it is. 36 00:02:29,300 --> 00:02:33,350 So it could be a group, a computer or a user as the possible values. 37 00:02:34,220 --> 00:02:36,890 Now, if I wanted to remove that sales admin group. 38 00:02:37,790 --> 00:02:43,040 I could go in and set the permissions for that same GPL with the permission level of none for that group 39 00:02:43,130 --> 00:02:45,020 which it with the target type of group. 40 00:02:45,890 --> 00:02:47,930 So pretty much the same command. 41 00:02:48,800 --> 00:02:53,210 The only difference is that permission level parameter goes from GPIO edit to none. 42 00:02:54,110 --> 00:02:56,030 So now for linking GPOs. 43 00:02:56,940 --> 00:03:00,750 It's really simple called a new peeling parameter. 44 00:03:00,780 --> 00:03:02,480 Or I'm sorry, complete. 45 00:03:03,360 --> 00:03:04,860 Give the name of the GPO. 46 00:03:04,860 --> 00:03:05,790 You wanted a link. 47 00:03:06,660 --> 00:03:10,020 The target parameter takes the distinguished name of the container. 48 00:03:10,930 --> 00:03:13,600 It could be a domain, a site or an IOU. 49 00:03:14,440 --> 00:03:17,050 In this case, I'm linking under the users O.U. 50 00:03:17,080 --> 00:03:20,620 Under the marketing or you in the R three test data held domain. 51 00:03:21,480 --> 00:03:25,170 I have to tell it that I want the link to be enabled and I have to give it in order. 52 00:03:26,050 --> 00:03:32,080 Remember you can have multiple GPOs linked on a particular container like an o u, so you have to tell 53 00:03:32,080 --> 00:03:34,210 it in what order you want this link to appear. 54 00:03:35,110 --> 00:03:41,080 So in this case I'm going to make it the very first link in the order, the highest priority to set 55 00:03:41,080 --> 00:03:42,490 that same link to enforced. 56 00:03:42,520 --> 00:03:48,550 I can use the set up link parameter or I'm sorry, complete with the name of the GPO, the target EU, 57 00:03:48,550 --> 00:03:50,710 and then the enforced parameter set to yes. 58 00:03:51,580 --> 00:03:53,590 And then to remove that link all together. 59 00:03:53,620 --> 00:04:00,430 All I have to do is specify the GPO name and the target DNA for backing up, restoring or importing 60 00:04:00,430 --> 00:04:01,210 a GPO. 61 00:04:02,050 --> 00:04:03,400 Back up is really easy. 62 00:04:03,430 --> 00:04:05,770 Give it the name of the complete backup GPO. 63 00:04:05,770 --> 00:04:06,730 Name of the GPO. 64 00:04:06,730 --> 00:04:10,000 You want to backup the path where your backup files are located? 65 00:04:10,000 --> 00:04:11,590 A comment which is optional. 66 00:04:12,450 --> 00:04:13,530 And you're good to go. 67 00:04:13,560 --> 00:04:14,970 It'll create that backup. 68 00:04:15,840 --> 00:04:20,070 Now to restore the GPO, it's a little more a little bit more confusing. 69 00:04:20,940 --> 00:04:22,920 You have to use the restored GPO come. 70 00:04:22,920 --> 00:04:29,190 Let you give it a backup ID, which is not the name of the or not the idea of the GPO, not the grid 71 00:04:29,190 --> 00:04:30,030 of the GPO. 72 00:04:30,840 --> 00:04:35,550 It's the grid of the folder that gets created in the backup folder when you created that backup in the 73 00:04:35,550 --> 00:04:36,240 first place. 74 00:04:37,080 --> 00:04:38,850 And I'll show you that in a little bit. 75 00:04:39,750 --> 00:04:42,960 And then the path is the path to where the backup files reside. 76 00:04:43,830 --> 00:04:46,380 Now, to import a backup into a new GPO. 77 00:04:47,220 --> 00:04:51,480 So this in this case, I've got a backup, that same backup. 78 00:04:51,510 --> 00:04:53,820 I want to use it this time. 79 00:04:53,820 --> 00:04:56,670 I want to create a new GPO called Imported Policy. 80 00:04:57,530 --> 00:05:02,750 And the import chocolate gives me the option of specifying the backup I.D. the path where the backup 81 00:05:02,750 --> 00:05:05,070 resides, the target name of the GPO. 82 00:05:05,090 --> 00:05:06,950 In this case, it's a new GPO. 83 00:05:07,790 --> 00:05:13,100 So I'm going to use the Create as needed parameter to create that GPO before it actually does the import. 84 00:05:13,970 --> 00:05:19,130 If I didn't have that parameter in there, it would look for an existing GPO name called Imported Policy 85 00:05:19,130 --> 00:05:21,050 and import the settings right into there. 86 00:05:21,950 --> 00:05:25,880 So let's spend some time and now and look at what these let's look like in practice.