Sign in
 
HomeLibraryWikiLearnGalleryDownloadsSupportForumsBlogs
Resources for IT Professionals >
GPO Backups - Import + Merge + Export problems

Answered GPO Backups - Import + Merge + Export problems

  • Thursday, January 10, 2013 12:37 AM
     
     
    Sign In to Vote
    0

    Hi guys,

    I've been having a weird issue with SCM that I hope you can shed some light on.

    Scenario:
    Via GPMC:
    * Backup Group Policy A to a folder.
    * Backup Group Policy B to a folder.

    Via SCM
    * Import Group Policy A.
    * Import Group Policy B.
    * Compare/Merge GPOA to GPOB.
    * Merge Baselines as "Group Policy A v2"
    * Export to GPO Backup (folder) "Group Policy A v2 (SCM Export)"
    - Successful, but some setting were dropped "as they are were not configured". eg: 

    Setting Name: NoChangingWallPaper , UI Path: Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop , CCEID: 
    Setting Name: DisablePersonalDirChange , UI Path: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer , CCEID: 
    Setting Name: NoThemesTab , UI Path: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer , CCEID: 
    Setting Name: fEnableTimeZoneRedirection , UI Path: Software\Policies\Microsoft\Windows NT\Terminal Services , CCEID: 
    + a few more

    * Import GPO Backup "Group Policy A v2 (SCM Export)" (i.e. the same one that we just exported)
    * Compare/Merge "Group Policy A v2" to "Group Policy A v2 (SCM Export)"

    Result:
    - Settings that differ: 0
    - Settings that match: 43
    - Settings only in Baseline A: 28
    - Settings only in Baseline B: 39

    For some reason the exported GPO doesn't match the merged baseline GPO.

    Version Info:
    SCM v2.5.40
    Software Library: v1.5.21101

    I've emailed a copy of the GPMC Backups to secwish@microsoft.com, referencing this thread.

    Any thoughts about why the merged, exported then imported GPO doesn't match the merged baseline?

    Thanks & Regards,
    Tim

     

All Replies

  • Friday, January 11, 2013 4:21 PM
    Owner
     
     Answered
    Sign In to Vote
    0

    Tim;

    I’m not certain about your specific situation, but in general terms there are two issues that are probably causing what you see:

    1. Settings that are “Not Defined\Not Configured” are included in the “unique setting” count, but are not included in an export GPO Backup (GPO Backups\GPOPacks do not include data for “Not Defined\Not Configured” settings). SCM (.cab) files will include all data that makes up a baseline (i.e. “Not Defined\Not Configured” settings are included).
    2. There are flaws in the design for GPO imports in SCM. Basically the consequence is that when you import a GPO and associate the new baseline with a product settings are not always correctly mapped to the library of settings in SCM. This causes settings to be dropped and discrepancies with the setting count.

    We apologize about this, we first realized their was a problem a few months ago, right after we published SCM 2.5, but initially we thought it was a problem in the setting data. After fixing those issues our internal testing showed their were more challenging problems with the code itself, and we didn't have enough time to fix it in SCM 3.0. Its somewhat better in SCM 3.0 because we’ve improved the data in the settings library, but fully resolving it requires extensive changes to the code in SCM. We don’t have a target date for resolving it.

    Regards,

    Kurt

    Kurt Dillard http://www.kurtdillard.com