1
00:00:03,070 --> 00:00:07,120
So let's run through some of these cmdlets that I just used in the past slides.

2
00:00:07,990 --> 00:00:10,360
So let's go ahead and create a new GPO.

3
00:00:11,140 --> 00:00:15,580
And again, I'm going to use the New-GPO cmdlet with a name of Test Policy.

4
00:00:16,420 --> 00:00:21,040
And what you see is it returns information about the GPO as it's being created.

5
00:00:21,910 --> 00:00:23,350
So it got the name.

6
00:00:24,190 --> 00:00:25,510
It's got the domain name.

7
00:00:25,510 --> 00:00:28,000
The owner. AD version, of course, is zero.

8
00:00:28,840 --> 00:00:34,060
If I come back into GPMC, go up and refresh my Group Policy Objects container, you'll see that,

9
00:00:34,060 --> 00:00:36,250
sure enough, it's created that GPO.

10
00:00:37,060 --> 00:00:41,740
Now, what I want to do is rename this GPO using the Rename-GPO cmdlet.

11
00:00:42,670 --> 00:00:44,950
So let's go ahead and paste that command in.

12
00:00:45,820 --> 00:00:48,520
So we'll do Rename-GPO, name Test Policy.

13
00:00:49,340 --> 00:00:52,910
And I'm going to give it a new target name of Marketing Lockdown Policy.

14
00:00:53,750 --> 00:00:54,710
And there we go.

15
00:00:55,560 --> 00:00:56,820
I've just renamed it.

16
00:00:57,750 --> 00:01:03,630
So if I again come back into GPMC, if I hit F5, you'll notice that it just got switched to Marketing

17
00:01:03,630 --> 00:01:04,200
Lockdown.

18
00:01:05,040 --> 00:01:10,230
And after all that, I can go ahead and say, Remove-GPO Marketing Lockdown, give it the name parameter

19
00:01:10,230 --> 00:01:11,610
just to keep everything clear:

20
00:01:11,670 --> 00:01:12,180
Marketing

21
00:01:12,180 --> 00:01:13,200
Lockdown Policy.

22
00:01:14,030 --> 00:01:15,560
And it deletes the GPO.

23
00:01:15,590 --> 00:01:16,940
No fuss, no muss.

24
00:01:17,830 --> 00:01:21,170
Again, come up to GPMC, hit refresh, and it's gone.

25
00:01:22,000 --> 00:01:27,580
Now, remember I said that you could easily get a count of all GPOs using the Get-GPO cmdlet with

26
00:01:27,580 --> 00:01:31,150
the -All parameter and passing it as an expression to the Count property.

27
00:01:31,980 --> 00:01:35,280
And there I got, I've got 28 GPOs in this domain.

28
00:01:36,150 --> 00:01:37,140
So all good.

29
00:01:38,040 --> 00:01:42,120
So now what I want to do is I want to get some information about some existing GPOs.

30
00:01:42,150 --> 00:01:47,040
I've got this Lockdown Policy, lockdown GPO, and I'm going to go ahead and get the permissions

31
00:01:47,040 --> 00:01:47,460
on this.

32
00:01:48,390 --> 00:01:51,570
So I'm going to go ahead and get the permissions on the GPO.

33
00:01:52,410 --> 00:01:55,220
So Get-GPPermission of the name Lockdown Policy.

34
00:01:55,230 --> 00:01:57,990
And I'm going to say I want all permissions on the GPO.

35
00:01:58,830 --> 00:02:02,730
So now what it did is it returned four objects for each different permission.

36
00:02:03,630 --> 00:02:06,660
Here's Authenticated Users with the GpoApply permission.

37
00:02:06,690 --> 00:02:12,330
That's basically that security filter that lets that Authenticated Users group process this policy.

38
00:02:13,200 --> 00:02:16,560
Now, what I want to do is go ahead and set the permissions.

39
00:02:17,460 --> 00:02:21,480
Now I'm going to go ahead and clear the screen here so that I can get a fresh canvas.

40
00:02:22,350 --> 00:02:25,540
Now, what I want to do is set permissions on that Lockdown Policy.

41
00:02:25,560 --> 00:02:27,930
So I'm going to go ahead and copy that command in.

42
00:02:28,770 --> 00:02:31,920
And what I'm going to do is set permissions on the Lockdown Policy.

43
00:02:32,010 --> 00:02:34,500
Permission level is going to be... oops.

44
00:02:35,400 --> 00:02:40,830
Let me get back to my parameter here and I'll show you the possible permissions.

45
00:02:41,730 --> 00:02:43,860
So I can have possibly GpoCustom.

46
00:02:43,890 --> 00:02:45,180
I'm going to use Gpo-

47
00:02:45,180 --> 00:02:47,190
Edit. Target name is the Sales Admins

48
00:02:47,190 --> 00:02:49,320
OU group and the target type is group.

49
00:02:50,190 --> 00:02:55,770
So now if I do a get permission on the Lockdown Policy, Get-GPPermission on name Lockdown Policy,

50
00:02:56,610 --> 00:02:57,900
use the -All parameter.

51
00:02:57,900 --> 00:03:00,660
And now I've got that Sales Admins group that's been added.

52
00:03:01,530 --> 00:03:07,140
So now let's go ahead and clear the screen again and let's go ahead and do a linking of our Lockdown

53
00:03:07,140 --> 00:03:08,520
Policy to an OU.

54
00:03:09,360 --> 00:03:14,700
So we've got our Users Marketing OU and I specified the lockdown GPO with the new link

55
00:03:14,700 --> 00:03:19,680
cmdlet and I want to tell it that the link enabled is Yes and the order is number one.

56
00:03:20,550 --> 00:03:25,800
So let's go ahead and issue that command and it comes back and tells me that it did it.

57
00:03:26,700 --> 00:03:28,710
And if I come into the Marketing Users

58
00:03:28,710 --> 00:03:29,610
OU up here

59
00:03:30,450 --> 00:03:31,620
and hit refresh,

60
00:03:32,540 --> 00:03:33,020
you'll see

61
00:03:33,020 --> 00:03:35,510
I've got my Lockdown Policy all linked up there.

62
00:03:36,380 --> 00:03:41,570
Now, if I wanted to, for example, change that link to be enforced, I can come back into PowerShell

63
00:03:41,570 --> 00:03:48,850
and paste in the set link, Set-GPLink cmdlet again with the target of the OU and enforce set to...

64
00:03:48,860 --> 00:03:50,600
You can't see it here but it's set to

65
00:03:50,600 --> 00:03:56,810
Yes, and if I hit enter and come back to GPMC and hit refresh, you'll note the little lock symbol that

66
00:03:56,810 --> 00:03:57,730
just showed up there.

67
00:03:57,770 --> 00:03:59,450
So I've been able to do that refresh.

68
00:04:00,350 --> 00:04:02,570
Now let's look at backing up GPOs.

69
00:04:03,450 --> 00:04:04,020
Again,

70
00:04:04,020 --> 00:04:07,110
we've got lots of capabilities within PowerShell to do this.

71
00:04:08,010 --> 00:04:12,000
The Backup-GPO cmdlet: give it the GPO name.

72
00:04:12,000 --> 00:04:14,160
Give it the path to the backup folder.

73
00:04:14,160 --> 00:04:17,940
And a comment, in this case, lockdown PowerShell, Lockdown Policy

74
00:04:17,940 --> 00:04:18,900
PowerShell backup.

75
00:04:19,710 --> 00:04:24,240
And it takes a little bit to run, but then it comes back, tells me that it's made the backup.

76
00:04:25,080 --> 00:04:27,570
Now this is the backup ID that was created.

77
00:04:28,410 --> 00:04:33,230
And if I go into my backup folder, let me just go back up here to my GPO backups folder.

78
00:04:33,240 --> 00:04:38,460
You'll see that the 76B corresponds to the folder name and that's the actual backup ID.

79
00:04:39,600 --> 00:04:45,690
So when it comes time to do a restore or an import and I have to feed it the backup ID, you'll see if

80
00:04:45,690 --> 00:04:52,410
I paste in my restore command that I've got a backup ID. This is actually a different backup.

81
00:04:52,590 --> 00:04:57,420
But if I come up here, I can get the backup ID that I just created and go ahead and put it into this

82
00:04:57,420 --> 00:04:57,920
command.

83
00:04:58,830 --> 00:05:04,740
So let me go ahead and clear out that one and paste in that new backup ID. And I can do the restore

84
00:05:04,740 --> 00:05:08,550
and it restores me back to the GPO settings that were in there from this backup.

85
00:05:09,390 --> 00:05:13,860
So again, I'm using the backup ID as the thing that I'm keying on for the restore.

86
00:05:14,760 --> 00:05:19,620
And this is, you know, just a sampling of the things that you can do, a pretty broad sampling of

87
00:05:19,620 --> 00:05:22,290
the things you can do in the PowerShell Group Policy module.

88
00:05:23,160 --> 00:05:28,710
Next, I want to look at the capabilities of some VBScript sample scripts that are available from Microsoft.