It's essential to take a walk through Windows Server 2008 R2's group policy features in order to get an understanding of how to use the Group Policy preferences and PowerShell together. Group Policy is a new Windows
Windows Server 2008 Group Policy can enable you to do the following tasks with ease: check and compare settings across domains, reduce complexity of your group policy environment, manage power settings, use the new Windows 7 Group Policy-enabled features such as BitLocker, and create a baseline of compliance for new group policy objects (GPO).
Group Policy was earlier a part of WINLOGON. Now, Windows Server 2008 group policy runs as a part of shared services. One of the new additions to Windows Server 2008 group policy is the PowerShell, which has the following features:
- You can configure Active Directory using PowerShell.
- Power management features in Windows Server 2008 R2: group policy filtering, group policy logview, and group policy event viewer log.
- Deployment guidance, firewall policy, and IPsec capabilities.
PowerShell cmdlets in Windows Server 2008 R2 can be used through the Group Policy Management Console (GPMC). These cmdlets allow you to automate many of the same tasks that you usually perform in the graphical user interface.
To use the Windows PowerShell cmdlets for Windows Server 2008's Group Policy, you must be running either:
- Windows Server 2008 R2 on a domain controller, or
- Windows Server 2008 R2 on a member server with GPMC installed, or
- Windows 7 with Remote Server Administration Tools installed.
Microsoft provides a program snap-in which allows you to use the Group Policy Microsoft Management Console (MMC) for Windows Server 2008 R2. Through MMC, you can create a GPO which defines registry-based policies, security options, software installation, maintenance options, script options, and folder redirection options.
Before using Windows
Server 2008's Group Policy cmdlets, it's essential to use the import-module Group Policy
command (which will help you import the Group Policy module). You can modify Windows PowerShell's
profile to import the Group Policy module every time you start a session. You can use the
get-command module Group Policy to get a list of all Group Policy commands.
There is a separate group policy for Windows Vista/7 machines. It is the old user interface (UI) for pre-Vista, and a new UI for Vista. Three methods for policy separation can be used: grouping (read/apply control), separate organizational unit (OU) with the GPO link, or the windows management instrumentation (WMI) Filter.
About the author: In his present role, Aviraj Ajgekar manages the IT infrastructure of Microsoft India (Western region). He has conducted training sessions on Microsoft Certified Systems Engineer and Sun Solaris System Administration. Ajgekar discussed the present topic at Microsoft TechEd 2010, Bengaluru.
(As told to Jasmine Desai)
This was first published in May 2010