Last year we shipped the Group Policy Compliance Manager (GPCM) product–our enterprise compliance reporting solution for Group Policy. Today we are releasing a new PowerShell module to go along with GPCM. This module allows for some cool capabilities for searching, reporting on and analyzing the data that GPCM collects. GPCM gathers Group Policy processing health and settings data from your Windows servers and desktops across your environment. The PowerShell module allows you to ask some interesting questions of that data like:
- How long is policy processing taking for my computers and users?
- Where has a particular setting been processed across my environment–or better yet, a setting value? For example, you might want to search to see where a particular security group has been used across the environment.
- What is the potential impact across my environment if I change, remove or un-link a particular GPO–what users or computers will be impacted?
- How do my computers and users compare to known good baseline settings, like security standards such as DISA-STIG, NIST or CIS–where do I have machines that are out-of-compliance with my standard settings?
All of these questions are enabled with the new PowerShell module and the six cmdlets it contains, as shown here:
I walk through some of these key scenarios in the video below. Have a look and then download GPCM and start getting compliant in your Group Policy environment. A little knowledge can go a long way towards answering those questions your boss asks about why a particular user or group has access on a particular server machine that just went down!