Group Policy Blog

Registry Policy Viewer 1.5

Darren took the time to prove to us that even the greatest tools can be improved! Thank you for that. The Registry Policy Viewer that GPOGuy introduced years ago has continued to be a favorite. A few new features have been added and some really interesting usability updates will make this great tool even better. […]

Darren’s 9 Group Policy Principles

Darren Mar-Elia and I spent some time this week with a group of consultants and service providers. These folks come from a wide variety of backgrounds and experiences. Our goal was to talk about Group Policy, some best practices, and share some of our experiences of a combined almost 50 years of working with Group […]

Find all Registry Settings Managed in a GPO

Group Policy Objects (GPOs) can contain many different kinds of settings. Much of that data is simple registry data. Finding registry settings in GPOs and handling them is not the simplest of tasks and requires some PowerShell. Microsoft has provided some cmdlets for the management of Group Policy and at SDM Software we have provided […]

Group Policy to Desired State Configuration

Group Policy has been a bit of a comfort for many of us for the past 15 years. It is a technology that is full of promise and capability. It is sufficiently complex, and incredibly powerful. As PowerShell has evolved to embrace configuration with Desired State Configuration we need to keep, update ourselves, and stay […]

Cleaning Group Policy When Removing a Machine from the Domain

A recent thread on Mark Minasi’s forum site┬áreminded me of a topic that comes up every once in a while–namely, how do you cleanly remove Group Policy settings from a machine that has been removed from an AD domain. The answer is to avoid the problem in the first place :). The challenge here is […]

More on registry tattooing–an interesting scenario

In my previous post I talked about security policy and its tattooing ways. But how about a scenario where a policy should not have tattooed, and did? That was the situation when I got an email from someone about a policy that was tattooing their systems. The situation was, they had created a custom ADM […]