Archive for the 'GPO' Category

Video: Automating GPO with PowerShell

Darren‘s “Automating Group Policy Management” session from DEC 2008 got posted on YouTube:

In the session Darren shows both VBScript and PowerShell ways of managing Group Policy – and he is using currently available APIs (including the free GPO cmdlets that his SDM Software produced) – so you don’t have to wait for Windows Server 2008 R2 to start using Darren’s scripts. Check it out!

P.S. Quite a few sessions from DEC 2008 got posted recently – check them all out here.

As I mentioned, TEC 2009 (they renamed it to TEC – The Experts Conference because of the Exchange track added) is going to have a lot more PowerShell and huge amount of new information on the latest directory, identity management, messaging, and cloud-related technologies from Microsoft. I myself has already registered for the event so hopefully will see you there. ūüėČ

Tags: , , , , , ,

It’s official: Microsoft’s AD cmdlets in Server 2008 R2

We all knew that Microsoft’s AD team was working on a set of PowerShell cmdlets of their own, but now we know when and how these are going to be shipped. Jeffrey published stats on the PowerShell cmdlets in the upcoming (in 2010) Windows Server R2.

If you look carefully through the list you will see that one of the snapins is called… activedirectory and contains 76 cmdlets. And these are just for the AD itself. There are other related snapins, like GroupPolicy (25 cmdlets) and ADRMS.PS.Admin (15 Cmdlets).

As far as I know AD and RMS are also getting PowerShell providers.

Sounds like in a year and a half or so we will get a pretty comprehensive cmdlets coverage from Microsoft. Meanwhile, there are obviously free 3rd-party solutions providing similar functionality:

See full Windows Server 2008 snapin list in Jeffrey’s post.

Tags: , , , , , , ,

SDM Software provides 12 GPO cmdlets

Managing GPOs via PowerShell has always been a natural and significant next step after AD management, and it is great to see the ecosystem around PowerShell advancing in closing the gaps. SDM Software guys have updated their free PowerShell snapin which now includes cmdlets to create, change, link, export, import, remove GPOs, as well as manage their security.

This is great, and I like to think I was a bit partial to that, because I was telling Darren about the idea back in March 2007. Of course I am pretty sure I was not the only one, but it’s nice to think you were a part of something great, right? ūüėČ

UPDATE: It turned out that while I was writing this, SDM Software extended the pack from 9 to 12 cmdlets so you can now also get and remove GPO links, as well as work with GPO backups. You guys are quick!

Tags: ,

PowerShell at DEC next week

Let me know if you are at the Directory Experts Conference in Vegas next week – it will be a good place to get together and sync-up!

It looks like PowerShell is going to be pretty big on this DEC. On Tuesday Dung Hoang-Khac from HP will give a PowerShell introduction session which will then be followed by an AD-specific session by Richard Siddaway from UK PowerShell User Group (aka get-psukug). Danny Kim from Full Armor will also have PowerShell section in his presentation related to the GPO and workflow stuff they are doing. Pretty good representation of the technology for a directory conference!

More importantly on Tuesday night everyone mentioned above as well as a few more guys from the UK user group, Quest’s AD cmdlets team, and folks from PowerGadgets are planning to get together for a PowerShell dinner.

If you are at the conference and you are a part of the PowerShell community maybe you should join the group. Send me an email or leave a comment with a way to get in touch with you (or find me at DEC) so I make sure we have a place reserved for you.

See you at DEC!


Tags: , , , , , , , , , ,

“XP can be ‘green’ too” – if you use Group Policy!

Going “green”, making sure the computers and monitors are off when not needed, and thus reducing emissions and energy bills is something most enterprises want to achieve. Group Policy seems to be the best technology to do this. I tried to find a PowerShell alternative but so far was not successful.

In all the discussions last month about whether Vista is more capable of saving energy than XP one thing was missing: although XP indeed has power management settings – they are local and thus cannot be set centrally across the enterprise. The only solution which I see is using some kind of group policy extensions product to distribute the settings.

For those who missed the story: on March 21 Microsoft announced that a UK research company came to the conclusion that “Vista’s power management features could help a business with 200 PCs to reduce its carbon dioxide emissions by 45 tons a year and cut the annual energy bill for each PC by ¬£46 ($90).” On March 26 Gartner published their response, saying that XP can be as green as Vista and that “just about the same savings in electricity and carbon dioxide emissions can be made with XP-based systems by tackling people and process issues through user education and motivation”. (Here’s the coverage in ComputerWorld,, Neowin, and by Paul Thurrott.)

For some reason I don’t believe that “user education and motivation” is the best way to change desktop settings across the enterprise. Group Policy, SMS, various desktop management suites, PowerShell, etc. – are much more effective. Vista provides for automated centralized power management by exposing power options via GPOs. For XP, this is also possible but you will need a third-party tool.

One of the ways to do that is using a product like Quest’s Group Policy Extensions¬†(I am sure other products with similar functionality exist¬†– I am just more familiar with Quest’s product line) so you specify the timeouts after which the monitors needs to be switched off, the computers need to hibernate, etc. and link these policies to the sets of users/computers to which they need to apply (I assume different departments might want different settings):

 Power Management settings in Group Policy Extensions

I am not sure everyone has electricity bills as high as in UK but it looks like a technology like that might actually easily pay off within the first year of its use.

P.S. I tried to look for an alternative to Group Policy and to find a way to change the settings via PowerShell (thinking we could add this to computer management pack for PowerGUI) but failed. It looks like neither native cmdlets not WMI expose the settings and one would need to work directly against the registry for each remote computer. Any suggestions are welcome!

$200 for GPO management

No you don’t have to pay that. Quest did this already. Quest is sponsoring the $200 a week draw for PowerGUI library submissions and we just got the results of the first draw.

And the winner is…. Darren Mar-Elia… Yes, the GPO Guy, Windows IT Pro contributor, and¬† author of a bunch of books, and the CTO and Founder of SDM Software.

Anyway, Darren created a get-sdmGPO cmdlet and a PowerGUI pack using it and posted it for everyone to download and use (absolutely free) at List GPOs snap-in

It’s great to see the momentum around PowerShell and PowerGUI and how more and more management functionality gets exposed through these!

And, congratulations to Darren for winning this $200 Amazon certificate!

We’ll see who the winner is next week – the draw is on Sunday night!


The posts on this blog are provided ‚Äúas is‚ÄĚ with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

July 2020

%d bloggers like this: