Your communication platform is only as good as the relevance of the information you send. Ensure your alerts get to the right people every time with actionable responses. Create escalation rules that ensure everyone follows the process and nothing is left to chance.
Course Of The Month
3 days, 7 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
The tool to show all the GPO settings across an entire network
Posted on 2013-05-24
Hello all,
I am going to review and update all the GPO setting in my company. I would like to compare GPO settings in our network to see exactly what needs to be dealt with and what need to be improved. I wonder if there is a tool or a program that can show me all the GPO settings.
Aso, what are the best practices for GPO?
Thanks,
I am going to review and update all the GPO setting in my company. I would like to compare GPO settings in our network to see exactly what needs to be dealt with and what need to be improved. I wonder if there is a tool or a program that can show me all the GPO settings.
Aso, what are the best practices for GPO?
Thanks,
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
8-
7
- +2
18 Comments
Group Policy Management Console is the tool to use. There are also GPMC scripts that can help
http://msdn.microsoft.com/en-us/library/windows/desktop/aa814151(v=vs.85).aspx
Group Policy MVP Darren has a great presentation on some best practices from TechEd last year
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/WSV206
Thanks
Mike
http://msdn.microsoft.com/en-us/library/windows/desktop/aa814151(v=vs.85).aspx
Group Policy MVP Darren has a great presentation on some best practices from TechEd last year
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/WSV206
Thanks
Mike
GPOs are set by domain / forest, not by network. You would find all GPOs for a domain in the Group Policy Management console, which is Automatically on 2008 Domain controllers and would need to be installed on 2003 Domain controllers (Link: http://www.microsoft.com/en-us/download/details.aspx?id=21895)
There is no real Best Practice as a company's GPOs completely depends on the company and what type of security you are looking to uphold.
There is no real Best Practice as a company's GPOs completely depends on the company and what type of security you are looking to uphold.
Active 6 days ago
What is the Windows version supporting your Active Directory infrastructure?
Most of the GPOs tasks can be done with the native Windows tools, exactly "Group Policy Management" console. If you have Windows 2008, 2008 R2 or 2012 this console should be present by default, if you have Windows Server 2003 you can just download it from the Microsoft Webisite:
http://www.microsoft.com/en-us/download/details.aspx?id=21895
With this tool you can make many things relate to polices, one simple one is make click on the desired policy and check the summarized settings that it has configured without open/editing the policy itself
The best practices for GPOs are going to depend for the scope and madurity level of your organization, this link can give you some basic recommendations:
http://technet.microsoft.com/en-us/library/cc779168(v=WS.10).aspx
Additionally it is strongly recommended that you create a test OU where you test tour polices, if this policy doesn't have the expected results just take the tested object outside from this OU and it will be Ok. Make this all the time before applying the polices to a bigger container, another important one... Use the Default Domain Policy just for password relate polices, the rest of the configurations make them with a new GPO linked in the container where you want to apply them
It is very important too, to understand what is the behavior of the policy that we want to apply for not having unexpected results.
Most of the GPOs tasks can be done with the native Windows tools, exactly "Group Policy Management" console. If you have Windows 2008, 2008 R2 or 2012 this console should be present by default, if you have Windows Server 2003 you can just download it from the Microsoft Webisite:
http://www.microsoft.com/en-us/download/details.aspx?id=21895
With this tool you can make many things relate to polices, one simple one is make click on the desired policy and check the summarized settings that it has configured without open/editing the policy itself
The best practices for GPOs are going to depend for the scope and madurity level of your organization, this link can give you some basic recommendations:
http://technet.microsoft.com/en-us/library/cc779168(v=WS.10).aspx
Additionally it is strongly recommended that you create a test OU where you test tour polices, if this policy doesn't have the expected results just take the tested object outside from this OU and it will be Ok. Make this all the time before applying the polices to a bigger container, another important one... Use the Default Domain Policy just for password relate polices, the rest of the configurations make them with a new GPO linked in the container where you want to apply them
It is very important too, to understand what is the behavior of the policy that we want to apply for not having unexpected results.
mkline71,
I use this command ListAllGPO.wsf but it does not work. Please see it below:
C:\Users\lly>ListAllGPOs.w
'ListAllGPOs.wsf' is not recognized as an internal or external command, operable program or batch file.
I use this command ListAllGPO.wsf but it does not work. Please see it below:
C:\Users\lly>ListAllGPOs.w
'ListAllGPOs.wsf' is not recognized as an internal or external command, operable program or batch file.
Did you download the scripts
http://www.microsoft.com/en-us/download/details.aspx?id=14536
Thanks
Mike
http://www.microsoft.com/en-us/download/details.aspx?id=14536
Thanks
Mike
Mike,
I don't want to download it to my AD now. I just downloaded to my laptop Win 7 but still could not run that command.
Thanks,
I don't want to download it to my AD now. I just downloaded to my laptop Win 7 but still could not run that command.
Thanks,
Attaching a screenshot from my lab. The scripts go into programfiles (x86)\Microsoft Group Policy\GPMC Sample Scripts by default (you can change that during install)
For this example I used the default install path.
Then run the script
cscript listallgpos.wsf
Thanks
Mike
For this example I used the default install path.
Then run the script
cscript listallgpos.wsf
Thanks
Mike
If you want to manage the Group Policies from your laptop you can install the Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1) on your Windows 7 machine and use gpmc.msc to administer you domain policies.
Here is a an article that explains the steps needed to install the RSAT on your computer.
Do not forget to activate the "Windows Feature" for gpmc once you have installed the RSAT. It is explained in details in the "Important" section in the article (you can open Turn Windows features on or off by running control appwiz.cpl,,2 form command prompt or Run menu).
One more thing, this option is available only for Ultimate and Enterprice versions of Windows 7.
Here is a an article that explains the steps needed to install the RSAT on your computer.
Do not forget to activate the "Windows Feature" for gpmc once you have installed the RSAT. It is explained in details in the "Important" section in the article (you can open Turn Windows features on or off by running control appwiz.cpl,,2 form command prompt or Run menu).
One more thing, this option is available only for Ultimate and Enterprice versions of Windows 7.
Mike,
I was on vacation. So, i could not test it on my laptop. This morning, I tried it but I received:
C:\Program Files (x86)\Microsoft Group Policy\GPMC Sample Scripts\listallgpos.ws
f(19, 2) Microsoft JScript runtime error: Automation server can't create object
I was on vacation. So, i could not test it on my laptop. This morning, I tried it but I received:
C:\Program Files (x86)\Microsoft Group Policy\GPMC Sample Scripts\listallgpos.ws
f(19, 2) Microsoft JScript runtime error: Automation server can't create object
Do you have GPMC installed on your laptop?
http://www.microsoft.com/en-us/download/details.aspx?id=21895
Thanks
Mike
http://www.microsoft.com/en-us/download/details.aspx?id=21895
Thanks
Mike
I turned on the feature "Group Policy" in the contron panel. It works. How do I do to export it to the document? Thanks,
Featured Post
Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
- Windows 10
- Microsoft Legacy OS
- Windows Vista
- Windows 8
- Windows XP
- Windows OS, Windows 7, *Windows Updates, *windows update
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
- Windows 10
- Microsoft Legacy OS
- Windows 8
- Windows OS
- Windows 7
- Windows Vista, Windows XP, *windows update, *Windows Updates
Suggested Courses
Course of the Month3 days, 7 hours left to enroll
691 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.