Tuesday, June 05, 2012 8:57 PM
Hi guys and girls,
Throughout two months now I have been searching for a way to manipulate folder redirection in GPO with powershell. I haven't been able to find one. The closest I have come is the SDM Software (their Group Policy Automation Engine). It works and looks like a nice way of manipulating folder redirection and other GPO settings for that matter.
But can it be? Is there really no way in native powershell, so to speak, that one can use to manipulate folder redirection in GPO?
Manipulating fdeploy.ini, trying to backup and then import GPO's just seems to become such an hassle and involves a lot of data juggling.
So there you have it ;-)
Let me hear from you.
Thank you very much your assistance is greatly appreciated.
Regards Lars B.
Friday, June 08, 2012 10:38 PMModerator
Download and install Remote Server Administration Tools (RSAT).
Then take a read here: Group Policy Cmdlets in Windows PowerShell
Sunday, June 10, 2012 1:18 PM
Thank you very much for your answer.
RSAT won't help as I'm already on a management server with 2008 R2 installed. So I have the needed tools. The article you link with a list of cmdlets, been through numerous times. With no breakhrough ;-(
Have you read this post: http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/843d4694-0c2e-406b-a7b6-6cd54efff1f4
I'm starting to think, more and more, that this can only be done with the SDM software. But I would love to be proven wrong.
Sunday, June 10, 2012 5:10 PM
This question has come up over-abd-over again in the last few years. GPOs are, by design, not manageable via script. Policy is not intenede to be atool that can be altered dynamically. Policy is a choice and when set up correctly the cjpices will reflect real business rules. That is qhy it is names 'policy' and why the individual itemes are most often staed in a wasy that lends them to being looked at like rules.
SDM and others have found ways to force the update of policy objects. Doing this requires keeping track of hundreds of GUIDs and the variations of different systems.
I suspect that Microsoft will eventually put all of this into AD and provide a method (or API) for programatically adjusting policy. It is even possible that Microsoft will buy DSM for this although is is more likely that they will turn GP into a full database of policy.
YOU are free to do what SDM has done. If you are onmly interested in folder redirectio then that is relatively easy to accomplish. SDM has created an API wrpper that handles variations across platforms and accounts for different versions of AD well. In your case you are working with a specific version of AD so yuu need not address these issues.
PowerShell under WS2008R2 (and RSAT) has a set of PowerShell CmdLets that give you the baseline tools for getting and setting policy objects. It lacks only the ability to edit the settings stored within an object. This can be dine using PowerShells powerful string editing capability. Just edit the strings in a backup copy of the policy and use teh CmdLets to restore that copy to the original policy.
Under RSAT/WS2008R2 we can also set registry settings and preferences very much like with SDM. Just load teh module and explore the help. You will see how it is layed out.
Get-GPRegistryValue -name 'Printer Location Policy' -Domain mydom.local -key 'HKLM\Software\Policies\Microsoft\Windows NT\Printers'
The Set is pretty much a mirror. The big difference is that you need to look up the registry key. What SDM provides is a database of lookups or a method of loading the templates and extracting the key values
Where this gets sticky is in knowing what types of items you need to work with as all is registry base and need both the key and the valuetype.
Play with the builting Policy CmdLets on WS2008R2 and see what else they can do.
Sunday, June 10, 2012 7:46 PM
Thank you for your thorough explanation. Highly appreciated. The fact that this comes up now and again might be the reason that I has taken so long to get a real in depth answer, because people have grown tired with answering this ;-). Who knows. At least it is great to have one know. I will look into the things you point out even more and see what I can do or else buy SDM's solution.
Again thank you very much.
- Edited by The Red Baron Sunday, June 10, 2012 8:04 PM