Using Windows Server 2008 R2 group policy to make life easier

Tip

Using Windows Server 2008 R2 group policy to make life easier

It's essential to take a walk through Windows Server 2008 R2's group policy features in order to get an understanding of how to use the Group Policy preferences and PowerShell together. Group Policy is a new Windows

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

term (for Windows Server 2008 R2 and Windows 7) for common configuration settings. Now, an administrator can create his own group policy, which applies to users.

Windows Server 2008 Group Policy can enable you to do the following tasks with ease: check and compare settings across domains, reduce complexity of your group policy environment, manage power settings, use the new Windows 7 Group Policy-enabled features such as BitLocker, and create a baseline of compliance for new group policy objects (GPO).

Group Policy was earlier a part of WINLOGON. Now, Windows Server 2008 group policy runs as a part of shared services. One of the new additions to Windows Server 2008 group policy is the PowerShell, which has the following features:

 

  • You can configure Active Directory using PowerShell.
  • Power management features in Windows Server 2008 R2: group policy filtering, group policy logview, and group policy event viewer log.
  • Deployment guidance, firewall policy, and IPsec capabilities.


PowerShell cmdlets in Windows Server 2008 R2 can be used through the Group Policy Management Console (GPMC). These cmdlets allow you to automate many of the same tasks that you usually perform in the graphical user interface.

To use the Windows PowerShell cmdlets for Windows Server 2008's Group Policy, you must be running either:

 

  • Windows Server 2008 R2 on a domain controller, or
  • Windows Server 2008 R2 on a member server with GPMC installed, or
  • Windows 7 with Remote Server Administration Tools installed.

 
Microsoft provides a program snap-in which allows you to use the Group Policy Microsoft Management Console (MMC) for Windows Server 2008 R2. Through MMC, you can create a GPO which defines registry-based policies, security options, software installation, maintenance options, script options, and folder redirection options.

Microsoft now provides a program snap-in which allows you to use the Group Policy Microsoft Management Console (MMC) for Windows Server 2008 R2.
,

Before using Windows Server 2008's Group Policy cmdlets, it's essential to use the import-module Group Policy command (which will help you import the Group Policy module). You can modify Windows PowerShell's profile to import the Group Policy module every time you start a session. You can use the get-command module Group Policy to get a list of all Group Policy commands.

There is a separate group policy for Windows Vista/7 machines. It is the old user interface (UI) for pre-Vista, and a new UI for Vista. Three methods for policy separation can be used: grouping (read/apply control), separate organizational unit (OU) with the GPO link, or the windows management instrumentation (WMI) Filter.

About the author: In his present role, Aviraj Ajgekar manages the IT infrastructure of Microsoft India (Western region). He has conducted training sessions on Microsoft Certified Systems Engineer and Sun Solaris System Administration. Ajgekar discussed the present topic at Microsoft TechEd 2010, Bengaluru.

(As told to Jasmine Desai)
 

This was first published in May 2010

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.