Select Page

Hey Folks. Sorry for the long delay in between postings. Lots going on in Group Policy land and in my own life that has been keeping me busy! But, now that I have some time, I wanted to blog about a few things of note, in no particular order:

  • Thanks to Mike Kline for posting a nice review of SDM Software’s GPO Compare tool, which lets you graphically compare two GPOs for settings differences
  • Just a quick note to let you know that I posted a new tool up at GPOGUY.COM a couple of weeks back. Its a new Powershell v1 snap-in that does two things. The first is a cmdlet called Get-SDMGPOVersion which lets you retrieve and show differences between GPO version numbers on a given DC, designed to spot AD and SYSVOL replication inconsistencies within GPOs. I would call it a Powershell version of GPOTool.exe. The 2nd cmdlet in the snap-in is called Invoke-SDMTouchGPO. This is basically a "touch" command for GPOs. What it does is, for a given GPO, it increments the per-computer or per-user version numbers for the GPO. This tricks clients into thinking that "something" has changed within that GPO, and thus will trigger a refresh of the settings within that GPO. Or more specifically, it will trigger a full reprocessing of policy for a given client that is impacted by that GPO that was touched. This came up in a thread that I participated in on the ActiveDir.Org mailling list, and I thought it was worth putting something together. You can download it for free at the GPOGUY.COM Free Tools Site.
  • Working with the folks at Windows IT Pro Magazine, I’ve created a one-day Group Policy Troubleshooting webinar next Thursday, June 25th. You can get more information and register for it at the link I just provided. It should be a good session–its a 3 part training session that covers GP internals and GP processing basics, troubleshooting tools and techniques and then advanced topics in GP troubleshooting. I’ll be on hand afterwards to answer questions during each session, as well! Check it out and see you there!
  • Finally, I wanted to just call attention to some cool stuff Microsoft did recently in anticipation of the Windows 7 release. As you know, I’ve been a big advocate of enabling automation of Group Policy automation, primarily through Powershell. Our SDM Software Group Policy Automation Engine was the first product on the market to let you read and write GP settings using Powershell, when it shipped a couple of years ago. Recently the Applocker feature team within Microsoft (Applocker is the new replacement for Software Restriction Policies in Windows 7) announced availability of Powershell cmdlets for getting and setting Applocker policies within a GPO! This is all good stuff and provide a nice complement to what the GP Product team is doing with Powershell and registry settings in Win7. Check it out here: http://blogs.msdn.com/powershell/archive/2009/06/02/getting-started-with-applocker-management-using-powershell.aspx.

Well, enjoy those tidbits and I hope to be back blogging soon!

Darren