Group Policy Blog

Just In Time for Microsoft Ignite–A Sneak Peek of GPO Migrator 1.0!

Well, Microsoft Ignite is happening next week, and SDM Software will be there in force, occupying Booth #671 on the show floor. And no conference would be complete without showing off new toys. In our case, the new toy is a shiny new product called GPO Migrator. We’ll be demonstrating the first public appearance of GPO … Read More.

Dealing With The AccountExpires Date in Active Directory – With PowerShell

By now most of us are aware that Active Directory dates are not the easiest bits of data to deal with. Wrapping our heads around how AD stores and deals with dates is very interesting on an intellectual level, and equally infuriating on a productivity level. Accessing this data from PowerShell is a useful technique to … Read More.

Analyze GPO Impact – Part II – Export-SDMGPSettings

Part II of our GPO Impact Analysis. For the purpose of this post the primary capability of Export-SDMGPSettings is to grab a ‘snapshot’ of all of the settings managed in a set of GPOs. Export-SDMGPSettings is one of the core cmdlets that make up the PowerShell part of the GPO Reporting Pak (GPRP). The syntax … Read More.

Security Fun: Bloodhound, MS16-072 and GPO Discoverability

I had a chance to attend my first BlackHat/Defcon conference last week in Las Vegas. I also attended the very excellent BSides conference, happening concurrently. Besides being shaken to my core from the skills demonstrated during the week :-), I got a chance to see some excellent talks related to Windows security and some super … Read More.

Analyze GPO Impact – Part 1

One of the many scenarios that organizations contend with is impact analysis. For SDM Software this is about configuration and most importantly security configuration. For example, what happens if you go into Active Directory Users and Computers and move Server1 from its home in OU1 to a new home in OU5? Do you know? Does it … Read More.

Video – Remove Empty GPOs

As promised I posted a quick video (OK not too quick) to walk through using the PowerShell pieces of GPO Reporting Pak to remove empty GPOs. The previous post describes the process and this video simply provides the walk through. There are so may things that one can do with the GPO Reporting Pak and … Read More.

Find and Delete All Empty GPOs – GP Reporting Pak

Find and Delete All Empty GPOs The SDM Software GPO Reporting Pak is full of nifty features and is simple to use. There are many common scenarios that organizations require. The PowerShell components of the product are sometimes overlooked. From discussions with people who are using the product there are common reasons for this. New … Read More.

Modifying Default GPO Permissions at Creation Time

Now that we are all digging out from MS16-072, and the reality that it likely won’t be “fixed” anytime soon, I think it’s worthwhile to drop a quick blog post about how you can ensure that all GPOs that get created going forward in your environment, get the proper read permissions on them. A long … Read More.

MS16-072 – GP Permissions and an overview

Hello Group Policy fans enthusiasts happy people! Darren and I had a quick discussion about his script to remediate the problems created by applying MS16-072 and GP processing. Read Darren’s previous post for context but here is a recording of our discussion. Have a good day and happy troubleshooting! Kevin

New Group Policy Patch MS16-072– “Breaks” GP Processing Behavior

This morning I woke up to an email from a fellow Group Policy MVP–Martin Binder–warning that folks were seeing GP Processing issues after the recent slew of Patch Tuesday updates were applied. Indeed, I had noted late on Tuesday via Twitter that there was a fix to GP in this latest round of patches, that prevents … Read More.