Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.
Solved
Group Policy/Group Preferences reporting tool, cloning Group Policies
Posted on 2010-09-04
I am looking for a Group Policy/Group Preferences reporting tool that could either or both of the following:
1) Check a Group Policy/Group Preferences structure and compare it with the default for that system, in particular Windows 2008 R2. The situation would be that there have been Group Policies created/modified on a server and I would like to see all the settings that are not default.
2) Compare two servers for differences in Group Policy. In this situation I would compare the Group Policy/Preferences settings of two different servers to see what the differences are.
3) I would also like to know the best way to clone Group Policies/Preferences from one system to another e.g. I have a system where all the Group Policies/Preferences are to my liking and want to then apply them to another system.
Again the environment I am most interested in is Windows 2008 R2.
1) Check a Group Policy/Group Preferences structure and compare it with the default for that system, in particular Windows 2008 R2. The situation would be that there have been Group Policies created/modified on a server and I would like to see all the settings that are not default.
2) Compare two servers for differences in Group Policy. In this situation I would compare the Group Policy/Preferences settings of two different servers to see what the differences are.
3) I would also like to know the best way to clone Group Policies/Preferences from one system to another e.g. I have a system where all the Group Policies/Preferences are to my liking and want to then apply them to another system.
Again the environment I am most interested in is Windows 2008 R2.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
2
6 Comments
Active today
These are interesting products but from my reading they are 'monitoring' products, they track changes. They do not answer the questions I asked from what I have read about them as I am not looking to track changes realtime but what has already transpired.. Perhaps if you have worked with them you can tell me whether they deal with the 3 questions that I have copied again below.
1) Check a Group Policy/Group Preferences structure and compare it with the default for that system, in particular Windows 2008 R2. The situation would be that there have been Group Policies created/modified on a server and I would like to see all the settings that are not default.
2) Compare two servers for differences in Group Policy. In this situation I would compare the Group Policy/Preferences settings of two different servers to see what the differences are.
3) I would also like to know the best way to clone Group Policies/Preferences from one system to another e.g. I have a system where all the Group Policies/Preferences are to my liking and want to then apply them to another system.
1) Check a Group Policy/Group Preferences structure and compare it with the default for that system, in particular Windows 2008 R2. The situation would be that there have been Group Policies created/modified on a server and I would like to see all the settings that are not default.
2) Compare two servers for differences in Group Policy. In this situation I would compare the Group Policy/Preferences settings of two different servers to see what the differences are.
3) I would also like to know the best way to clone Group Policies/Preferences from one system to another e.g. I have a system where all the Group Policies/Preferences are to my liking and want to then apply them to another system.
Don't know of any such tool.
The Default Domain Controler Policy should never be touched and be left "original",...so doing a GPO Report with GPMC will give you a printable list of those Defaults to compare against.
The Default Domin Policy should also be untouched and left "original" except for Password Policies that must only be done from that policy.
If your GPOs have become so compex that you need such a tool then you have problaby "gone overboead" with your GPOs. If you want to compare what is there as opposed to what the Defaults were use the GPMC to print/save Reports of the Default Domain Policy and the Default Domain Controller Policies and use these Reports as a record of the Default Settings. If somebody has already messed around with them, then there is a way to first create copies of them with the GPMC, give the copies a useful name, and link them in,..then use DCGPOFIX to reset the originals back to "original", then add the Password Policies (if there were any) to the Default Domain Policy.
What I usually do on a system that is in a mess is to copy/save the two Default Policies as described,...but I don't relink them back in,...then print Reports of them. Then I recreate the two default ones with dcgpofix.exe which overwrites them fresh,..then print a report of those. Then I manually compare the two reports,...settings I want to keep I redo in new policies. Some settings to don't naturally go back to original unless you force them with a GPO first before setting the GPO back to "not defined".
http://www.windowsitpro.com/article/group-policy/how-can-i-restore-the-contents-of-the-default-domain-and-default-domain-controller-dc-group-policy-objects-gpos-.aspx
All policies need to be done by creating new GPO and do the "work" in those,...a small handfull of separate policies should do fine, just don't get too carried aways with that either,..too many individual GPOs creates a performace issue.
You don't have to audit individual machines,..hence probably why there doesn't seem to be a tool. You need to document the individual GPOs themselves and that can be done with the GPMC. Then all you need to know after that is what GPOs are applied to a machine and what parts applied (User or Computer). So if the policy applied then the machine has those settings,...it is just that simple.
The Default Domain Controler Policy should never be touched and be left "original",...so doing a GPO Report with GPMC will give you a printable list of those Defaults to compare against.
The Default Domin Policy should also be untouched and left "original" except for Password Policies that must only be done from that policy.
If your GPOs have become so compex that you need such a tool then you have problaby "gone overboead" with your GPOs. If you want to compare what is there as opposed to what the Defaults were use the GPMC to print/save Reports of the Default Domain Policy and the Default Domain Controller Policies and use these Reports as a record of the Default Settings. If somebody has already messed around with them, then there is a way to first create copies of them with the GPMC, give the copies a useful name, and link them in,..then use DCGPOFIX to reset the originals back to "original", then add the Password Policies (if there were any) to the Default Domain Policy.
What I usually do on a system that is in a mess is to copy/save the two Default Policies as described,...but I don't relink them back in,...then print Reports of them. Then I recreate the two default ones with dcgpofix.exe which overwrites them fresh,..then print a report of those. Then I manually compare the two reports,...settings I want to keep I redo in new policies. Some settings to don't naturally go back to original unless you force them with a GPO first before setting the GPO back to "not defined".
http://www.windowsitpro.com/article/group-policy/how-can-i-restore-the-contents-of-the-default-domain-and-default-domain-controller-dc-group-policy-objects-gpos-.aspx
All policies need to be done by creating new GPO and do the "work" in those,...a small handfull of separate policies should do fine, just don't get too carried aways with that either,..too many individual GPOs creates a performace issue.
You don't have to audit individual machines,..hence probably why there doesn't seem to be a tool. You need to document the individual GPOs themselves and that can be done with the GPMC. Then all you need to know after that is what GPOs are applied to a machine and what parts applied (User or Computer). So if the policy applied then the machine has those settings,...it is just that simple.
Active today
pwindell:
I am going to post another question that I would like you to take a crack at if you have time. I just have to formulate the words.
I am going to post another question that I would like you to take a crack at if you have time. I just have to formulate the words.
Featured Post
Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!
Learn how Concerto can help you.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units?
This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Itās time for spooky stories and consuming way too much sugar, including the many treats weāve whipped for you in the world of tech. Check it out!
- iOS
- Ransomware
- Experts Exchange
- Active Directory
- VMware
- Security
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job.
The first step is to acquire the necessary licenā¦
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlleā¦
Suggested Courses
Course of the Month12 days, 14 hours left to enroll
650 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.