PowerShell 7 – Group Policy Settings and Eventlogs

On December 16th Joey announced the availability of the PowerShell 7.0 release candidate. Time to look at the configuration options. Since I’m interested in the aspects of managing these settings within an enterprise environment, I closely followed the discussions on GitHub here https://github.com/PowerShell/PowerShell/pull/10468 and here https://github.com/PowerShell/PowerShell/issues/9309 and the outcome of these discussions is documented here https://github.com/PowerShell/PowerShell-RFC/blob/master/4-Experimental-Accepted/RFC0041-Policy.md Installation Now let’s look what options we have for the configuration of logging PowerShell 7 events. Let’s start with Read More …

How to identify orphan Group Policy content within the Sysvol folder

G’day everyone. Today I was working on a Microsoft Security Configuration baseline implementation and while browsing through the Sysvol folder I got the impression that there are less GPO objects stored within AD compared to the number of GPO content folders located within the Sysvol\Policies folder. As we speak about several hundred folders here, too many to count manually, and so another PowerShell script was born. Now if the terms SYSVOL, policies folder doesn’t mean Read More …

Importing GPO Security Baselines with PowerShell

Okay there’s this rule , if you do something manually for the third time, it’s about time to think of automating it. Here’s a script that I created to create Group Policy Objects and import the security baseline settings. The script will work with any security baseline that is provided with Group Policy backups e.g. Microsoft Security baseline, CIS, NSA. Let me show you this with an example: First download the latest Microsoft Security baseline Read More …

The GroupPolicy Xtended PowerShell Module

Good day everyone. Today I would like to share with you the Group Policy Xtended PowerShell module that i’ve written recently. Histrocially I used to have various cmdlets stored in individual files and ran them when needed, I also shared them among my peers and with the public via my blog and the Microsoft Script repository. The challenge with this approach is that it’s hard to ensure eveyone has the latest versions of the cmdlets  Read More …

ToolTip: Policy Analyzer

Aaron Margosis recently released Policy Analyzer, a utility for analyzing and comparing sets of Group Policy Objects (GPOs). Here’s a brief description on how to use the tool to compare two Domain GPOs. I created two GPOs in my test domain, both starting with the name “Foo” and then configured some settings. The Policy Analyzer can import GPO settings based on a GPO backup so as a next step we create a GPO backup. The Read More …

Group Policy Settings in Windows 10 Build 10.0.10130

Windows 10 build 10.0.10130 brought a couple more new Group Policy settings, here they are: Location Setting Description Computer Configuration Administrative Templates Windows Components Windows Update Defer Upgrade If you enable this policy setting, in Pro and Enterprise SKUs you can defer upgrades till the next upgrade period (at least a few months).       If you do not have it set you will receive upgrades once they are available that will be installed as part Read More …

Group Policy Settings in Windows 10 Build 10.0.10074

Like with every new version of the Windows operating system we can expect new Group Policy settings. Today I took a look at Windows 10 build 10.0.10074 and found the follownig settings.   Location Setting Description Computer Configuration  Windows Components  DataCollectionAndPreviewBuilds Disable user control over preview builds This policy setting determines whether users can access the preview build controls in the Advanced Options for Windows Update. These controls are located under “Choose how preview builds Read More …

Group Policy Management expanding into MDM

During the Channel 9 session “Windows 10 Client Goodness with Joe Belfiore” (at 12 minutes 04 of the recorded session)  there was an interesting comment from Joe about Group Policy Management in Widows 10. If you’re dealing with Group Policy Management today, the following comments from Joe might be of interest. What we’re trying to do in Windows 10. And here’s another case where you think of a core operating system that shares among a Read More …

Use PowerShell to Troubleshoot Group Policy

While I was on vacation last summer Ed Wilson aka Microsoft Scripting Guy asked me if I would like to write a guest post for the Hey Scripting Guy Blog. Of course !! was my immediate response. And here it is: Weekend Scripter: Use PowerShell to Troubleshoot Group Policy The script referenced can be downloaded from herehttp://gallery.technet.microsoft.com/scriptcenter/Get-GPProcessingTime-a124aaf5

New IE Group Policy Settings for blocking out-of-date ActiveX controls

As anounced by Microsoft last week on their IEBlog Internet Explorer will start blocking out of date ActiveX controls For managed environments there are updated administrative templates for Internet Explorer to control the behaviour of the ActiveX blocking feature. Although the link brings you to a site called “Administrative Templates for Internet Explorer 11” the settings are set to work for Internet Explorer 8,9, 10 and 11. If you haven’t updated your administrative templates since Read More …