[gptalk] Re: Group Policy Preference Client Side Extensions now available

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 26 Feb 2008 15:26:09 -0800

Good point Thorbjörn. Although I suppose if you could get both sets of CSEs
installed on a machine, then maybe it could process existing PolicyMaker
GPOs without having the need to edit those going forward. Very messy though.

 

And yes, the Scripting Toolkit will be supporting GPP in the near future.  J

 

Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Thorbjörn Sjövold
Sent: Tuesday, February 26, 2008 3:18 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now
available

 

The new GPP CSEs and the older PolicyMaker CSEs does not seem to use the
same GP Extension GUIDs and hence it is not possible to use the PolicyMaker
CSEs with the new GPP editor or vice versa. There is most likely a number of
reasons for this change of GUIDs (even though that the actual extensions
most likely have not changed much), where dropped support ASAP for the old
PolicyMaker CSEs most likely is number one. If Microsoft ?reused? the
PolicyMaker CSE GUIDs then they would have to test every future change in
GPP against the older PolicyMaker CSEs to make sure it does not break, and
adding unnecessary test scenarios is nothing the GP teams dreams of J, they
have quite a few already... Also the old PolicyMaker CSEs relied on some
sort of licensing extension (that I think now is removed) that would mess
things up. Actually I think to some degree that it is a good thing with the
GUID change to let MS have a fresh start, since besides from GP Gurus on
this list of course J, a devastating majority of the organizations that will
now use GPP, does not have PolicyMaker and thus the number of migrations
will be extremely few compared to the number of new installations. Not that
that does not mean it will be a lot of planning and work involved for those
that have PolicyMaker L, but a migration tool would be nice of course ?

 

Regarding the need for RSAT/2008/Vista SP1 to manage GPP, PolicyMaker was
all XML files, so unless this changed (and I doubt it since GPP requires no
schema changes AFAIK), and you feel lucky (and are absolutely not allowed to
install 2008/Vista SP1 for some reason), you can bring out Notepad on any
box followed by a quick call to IGroupPolicyObject:Save with the new GUIDs
J, if you are going to MMS or TechEd, we?ll figure it out together over a
few beers. Of course when Darren extends his Scripting Toolkit for
PowerShell with GPP (and just add PowerGUI if you prefer to click instead of
script) you have everything you ever dreamed of and you do not have to rely
on luck or drinking beer with me J

 

Thorbjörn Sjövold

Special Operations Software

www.specopssoft.com

thorbjorn.sjovold a t specopssoft.com

 

Download our free tool for remote Gpupdate with graphical reporting,
http://www.specopssoft.com/products/specopsgpupdate/

 

 

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Scott Klassen
Sent: den 26 februari 2008 19:38
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now
available

 

Nope, nor will you be able to create them, since they are invisible to any
tool other than the new GPMC (GPOE?) included in the RSAT tools.  RSAT is
included with Server 2008, and we?re waiting for the downloadable version
which can only be installed on Vista SP1.  So, in order to use GPP, you will
need at a minimum:  the extensions deployed out to your client systems (XP,
Vista, and server 2003), one Vista SP1 management workstation, and the RSAT
tools.

 

Probably ought to mention, that GPP is only applicable for Group Policy, not
Local Policy.

 

Scott Klassen

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Michael Pietrzak
Sent: Tuesday, February 26, 2008 11:38 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now
available

 

Okay, so I understand that the CSE?s will need to be installed on an XP or
Server 2003 in order for the preferences to be applied. But I am trying to
get my head around the management aspect. Now I could manage the settings
from a server 2008 box, and I see that the RSAT will be needed for Vista,
but what about management from an XP or Server 2003 box? Is there no
management solution coming for those platforms? Will I be able to create
manage GP preferences if I simply install the CSE?s on a Server 2003 box?

 

Thanks,

 

Michael

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Tuesday, February 26, 2008 9:15 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now
available

 

Good question Jamie. My guess is yes but of course, there are some
extensions (like Office app settings and Outlook profile stuff) that MS did
not ship with GPP. I will see if I can confirm the question with MS
generally.


Darren

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Nelson, Jamie R
Sent: Tuesday, February 26, 2008 9:11 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now
available

 

Will the GP Preference extensions process old PolicyMaker based settings?
Haven?t tested it yet, but thought I would check with the group to see if
anyone knows offhand.

 

Jamie Nelson | Systems Engineer | Systems Support, Information Technology |
I N T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 |
<http://www.integrisok.com/> http://www.integrisok.com

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Tuesday, February 26, 2008 11:02 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now
available

 

Thanks for the update Scott. I heard some rumor about the 27th for this
stuff formally appearing on the various download sites, so maybe tomorrow.

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Scott Klassen
Sent: Tuesday, February 26, 2008 8:59 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Group Policy Preference Client Side Extensions now
available

 

Group Policy Preference Client Side Extensions are now live at the MS
Download Center.  Still no sign of RSAT though.

 

Scott Klassen

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Monday, February 25, 2008 9:54 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Port Traffic For GPO

 

If this is not Vista clients, then the following should cover it:

 

ICMP

LDAP: TCP 389

SMB: TCP 445

RPC Port Mapper: TCP 135 and then >1024 after the RPC connection is set up.

Kerberos (Can?t remember if this is UDP or TCP in all cases but Port 88)

 

Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Jonathan Finkbiner
Sent: Monday, February 25, 2008 7:48 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Port Traffic For GPO

 

Quick and easy question: What TCP port(s?) does GPO traffic traverse? I have
some software firewalls deployed in the field that I believe are blocking
ports needed for proper application of policies.

 

Jonathan Finkbiner <mailto:jfinkbiner@xxxxxxx> 

Information Services

Support Analyst

Lifestyle Family Fitness <http://www.lff.com/> 

 

 

  _____  

This e-mail may contain identifiable health information that is subject to
protection under state and federal law. This information is intended to be
for the use of the individual named above. If you are not the intended
recipient, be aware that any disclosure, copying, distribution or use of the
contents of this information is prohibited and may be punishable by law. If
you have received this electronic transmission in error, please notify us
immediately by electronic mail (reply).

 

  _____  

This e-mail may contain identifiable health information that is subject to
protection under state and federal law. This information is intended to be
for the use of the individual named above. If you are not the intended
recipient, be aware that any disclosure, copying, distribution or use of the
contents of this information is prohibited and may be punishable by law. If
you have received this electronic transmission in error, please notify us
immediately by electronic mail (reply). 

Other related posts: