Automating A Few Group Policy Tasks
Posted on 2011-02-15
I find myself having to repeat a lot of the same tasks in group policy management. Would someone have a script (or be able to put together one) that automates the following?
1. Look through group policy objects. Create a security group in a specific OU for any policy starting with APP_. The security group should be named DENY_APP_RESTOFPOLICYNAME. If a DENY_ already exists for that GPO, the script should not create the security group.
2. Assign a deny read/apply group policy permission on the APP GPO.
3. Assign a read permission for a specific security group containing users.
For example, the first GPO beginning with APP_ that we have is APP_Adobe Flash Player. The script should create a security group named DENY_APP_Adobe Flash Player in a specific OU. All deny groups are kept in the same OU. It should then assign a deny read/apply group policy permission on APP_Adobe Flash Player for the security group Deny_APP_Adobe Flash player. Finally, it should add a read permission for a security group containing certain users. This security group is the same for every GPO.
Any help would be awesome!!!