Group Policy Blog

Using Group Policy & PowerShell to Mitigate Recent Internet Explorer Vulnerability

Over this last weekend, Microsoft published warnings of yet another zero-day “memory corruption” Internet Explorer vulnerability to all versions of the venerable browser . Since there is no current patch for this yet, IT administrators are left to mitigate against it using a variety of less than ideal workarounds, which are documented here. If you scan this […]

Group Policy Cleanup and GPO Exporter

Group Policy Cleanup and optimization is top-of-mind for many of our customers. One of the key tools for helping customers achieve optimized GPO environments, SDM Software’s GPO Exporter product, just got an update recently. One of the small improvements we added was support for outputting our powerful Group Policy Analysis reports to PowerShell objects. Exporter comes […]

Locating Those Nasty Passwords in Group Policy Preferences Using PowerShell

If you haven’t already seen it, it’s now been widely documented that the feature within GP Preferences Group Policy that allows you to store passwords within a GPO for a variety of uses, is essentially not secure. If you haven’t read one of these posts, please do and familiarize yourself with the issue: http://blogs.technet.com/b/grouppolicy/archive/2008/08/04/passwords-in-group-policy-preferences.aspx http://www.grouppolicy.biz/2013/11/why-passwords-in-group-policy-preference-are-very-bad/ […]

Script Group Policy Changes With The New Version of Group Policy Automation Engine!

Hey PowerShell and Group Policy Fans! If you want to script group policy changes, life just got easier! I’m pleased to announce that today we shipped a major upgrade to our GP Automation Engine product–version 3.0. For those of you who don’t know what the GPAE is all about, a little background: Back in 2007, […]

Renaming GPOs with PowerShell

Recently, as part of one of our Group Policy consulting engagements, we recommended to a customer to adopt a consistent GPO naming standard. This kind of standard makes the function and purpose of a GPO more clear and eases discovery of a Group Policy environment. As a result of this recommendation, we needed to rename […]

Converting Group Policy Settings to Desired State Configuration Documents

If you’ve been following my blog, you know I’ve become a big fan of the new Desired State Configuration feature in Windows Management Framework 4 (i.e. PowerShell 4). It makes configuring Windows Servers a snap and provides a whole new set of configuration flexibility, above and beyond what you can get from Group Policy today. […]

Desired State Configuration in Windows 8.1 and Group Policy

On Monday, here at TechEd North America, Microsoft took the wraps off of some new technology that will be shipping when Windows 8.1 is released later this year. I had had a preview of this technology a few weeks ago and was happy to see it finally made public. At the time I told the people presenting […]

Cool listing of PowerShell-based Group Policy Scripts

Just a quick note to share a great site that I stumbled upon today (not sure how I hadn’t seen it sooner). It’s a Microsoft TechNet site up on their Scripting Center, that lists a bunch of user-provided PowerShell scripts for managing Group Policy,  including a very cool script module for creating, modifying and deleting […]

Doing Remote GP Updates Against OUs Using PowerShell in Windows 8

A couple of weeks ago I wrote this post on the MSDN site, reviewing some of the new Group Policy features in Windows 8/Server 2012. One of those features was a new PowerShell cmdlet in the Group Policy PowerShell module called invoke-gpupdate. This cmdlet, as the name implies, allows you to do a GPUpdate against remote target […]

GPMC PowerShell Cmdlets Updated!

Thanks to a thread on our GPOGUY.COM GPTalk Mailing list, I decided it was time to crack open our GPMC PowerShell module and make a couple of updates. The most significant of these is two new cmdlets: Get-SDMGPOOwner Set-SDMGPOOwner As the name implies, these two cmdlets let you retrieve and set the owner id (AD […]