Solved

Automating A Few Group Policy Tasks

Posted on 2011-02-15
2
251 Views
Last Modified: 2012-05-11
I find myself having to repeat a lot of the same tasks in group policy management. Would someone have a script (or be able to put together one) that automates the following?

1. Look through group policy objects. Create a security group in a specific OU for any policy starting with APP_. The security group should be named DENY_APP_RESTOFPOLICYNAME. If a DENY_ already exists for that GPO, the script should not create the security group.

2. Assign a deny read/apply group policy permission on the APP GPO.

3. Assign a read permission for a specific security group containing users.

For example, the first GPO beginning with APP_ that we have is APP_Adobe Flash Player. The script should create a security group named DENY_APP_Adobe Flash Player in a specific OU. All deny groups are kept in the same OU. It should then assign a deny read/apply group policy permission on APP_Adobe Flash Player for the security group Deny_APP_Adobe Flash player. Finally, it should add a read permission for a security group containing certain users. This security group is the same for every GPO.

Any help would be awesome!!!
0
Comment
Question by:Joseph Moody
2 Comments
 
LVL 63

Accepted Solution

by:
SysExpert earned 500 total points
ID: 34912900
I would ask for help from the powershell TA or similar, sine that would be the best tool for this.

I hope this helps !
0
 
LVL 22

Author Comment

by:Joseph Moody
ID: 35097393
Thank you for the advice. I had a good powershell friend put a couple of things together.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question