02.26.09
Automating GP Preferences
In a recent posting on the Activedir.org mailing list, I happened to mention that we’re getting ready to release v. 2.0 of our GPExpert(r) Scripting Toolkit. The Toolkit is actually getting a new name, but I won’t spoil the surprise for now. However, the key feature we’ve added to it is support for the new Group Policy Preferences (GPP) settings! This is pretty exciting because this now means that you can use PowerShell or .Net to automate the reading and writing of all of the GP Preference settings across GPOs. And even more exciting is the fact that we are also supporting the ability to do Item-Level Targeting through the Toolkit as well. This means that you can not only define GP Preferences settings but also target them using any of the many different ILT criteria. And if that weren’t exciting enough (I know, I’m easily geeked out!) how about the fact that you can run GPP scripts on XP or Server 2003 in addition to Vista and 2008. That’s right, even though you can’t normally edit GPP settings on anything other than Vista, SP1 or Server 2008, the Toolkit’s GPP support has no such limitation. So you can read and write GPP settings from any platform from XP on up! Double-cool.
As an example of how this comes in handy, we recently worked on a customer GPO consolidation/migration where they were consolidating a large number of GPOs spread across 3 forests into a single forest. They had not used GPP prior to the new deployment but did have another product in place for delivering drive and printer mappings (Scriptlogic’s Desktop Authority product in this case). We were able to use the new Toolkit with support for GPP to automate the process of converting their dozens of drive and printer mappings into GPP settings within a couple of GPOs. Cool!
Lets look at how you can write a PowerShell script to create a drive mapping policy that targets a particular user group:
=======================================================
#connect to the GPO
$gpo = Get-SDMgpobject -gpoName "gpo://cpandl.com/Marketing Drive Mappings Policy" -openByName
# now, connect to the GPP drive maps container
$driveMapSetting = $gpo.GetObject("User Configuration/Preferences/Windows settings/Drive Maps")
# define a new drive mapping
$map = $driveMapSetting.Settings.AddNew("P Drive")
# and set its properties
$map.Put("Action",[GPOSDK.EAction]"Update")
$map.Put("Drive Letter","P")
$map.Put("Location","\\MktgServer1\public")
$map.put("Reconnect", $true);
$map.Put("Label as", "Marketing Public Drive");
# save it!
$map.Save()
# now create a group-based ILT filter
$iilt = $gpo.CreateILTargetingList()
$itm = $iilt.CreateIILTargeting([GPOSDK.Providers.ILTargetingType]"FilterGroup");
$itm.Put("Group","Marketing Users")
$itm.Put("UserInGroup", $true)
$iilt.Add($itm)
# and apply my new ILT to the drive mapping
$map.put("Item-level targeting", $iilt)
$map.Save()
=======================================================
Pretty cool, huh? Well, I think so 
Now imagine that you can do this across any of the numerous settings within GPP and you’ll see why I’m excited about this new release of the Toolkit! I will be blogging when we get the bits out there. Right now we’re working on a big, thick user guide with a ton of examples of how you can use the Toolkit and PowerShell to automate any number of GP management tasks. Stay tuned….
Tags:
Group Policy, PowerShell, Group Policy Preferences, GPExpert Scripting Toolkit, Group Policy Automation
). 
