[gptalk] Re: Group Policy Preference Client Side Extensions now available

  • From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 27 Feb 2008 08:34:56 -0600

I figured it would be a pain. We have a significant amount of time invested in 
PolicyMaker GPOs and it will kind of stink to redo everything in GPP. I'll be 
at MMS and I think we should drink beer regardless. J

 

Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N 
T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | 
http://www.integrisok.com <http://www.integrisok.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thorbjörn Sjövold
Sent: Tuesday, February 26, 2008 5:18 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

 

The new GPP CSEs and the older PolicyMaker CSEs does not seem to use the same 
GP Extension GUIDs and hence it is not possible to use the PolicyMaker CSEs 
with the new GPP editor or vice versa. There is most likely a number of reasons 
for this change of GUIDs (even though that the actual extensions most likely 
have not changed much), where dropped support ASAP for the old PolicyMaker CSEs 
most likely is number one. If Microsoft "reused" the PolicyMaker CSE GUIDs then 
they would have to test every future change in GPP against the older 
PolicyMaker CSEs to make sure it does not break, and adding unnecessary test 
scenarios is nothing the GP teams dreams of J, they have quite a few already... 
Also the old PolicyMaker CSEs relied on some sort of licensing extension (that 
I think now is removed) that would mess things up. Actually I think to some 
degree that it is a good thing with the GUID change to let MS have a fresh 
start, since besides from GP Gurus on this list of course J, a devastating 
majority of the organizations that will now use GPP, does not have PolicyMaker 
and thus the number of migrations will be extremely few compared to the number 
of new installations. Not that that does not mean it will be a lot of planning 
and work involved for those that have PolicyMaker L, but a migration tool would 
be nice of course ...

 

Regarding the need for RSAT/2008/Vista SP1 to manage GPP, PolicyMaker was all 
XML files, so unless this changed (and I doubt it since GPP requires no schema 
changes AFAIK), and you feel lucky (and are absolutely not allowed to install 
2008/Vista SP1 for some reason), you can bring out Notepad on any box followed 
by a quick call to IGroupPolicyObject:Save with the new GUIDs J, if you are 
going to MMS or TechEd, we'll figure it out together over a few beers. Of 
course when Darren extends his Scripting Toolkit for PowerShell with GPP (and 
just add PowerGUI if you prefer to click instead of script) you have everything 
you ever dreamed of and you do not have to rely on luck or drinking beer with 
me J

 

Thorbjörn Sjövold

Special Operations Software

www.specopssoft.com

thorbjorn.sjovold a t specopssoft.com

 

Download our free tool for remote Gpupdate with graphical reporting, 
http://www.specopssoft.com/products/specopsgpupdate/

 

 

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Scott Klassen
Sent: den 26 februari 2008 19:38
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

 

Nope, nor will you be able to create them, since they are invisible to any tool 
other than the new GPMC (GPOE?) included in the RSAT tools.  RSAT is included 
with Server 2008, and we're waiting for the downloadable version which can only 
be installed on Vista SP1.  So, in order to use GPP, you will need at a 
minimum:  the extensions deployed out to your client systems (XP, Vista, and 
server 2003), one Vista SP1 management workstation, and the RSAT tools.

 

Probably ought to mention, that GPP is only applicable for Group Policy, not 
Local Policy.

 

Scott Klassen

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Michael Pietrzak
Sent: Tuesday, February 26, 2008 11:38 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

 

Okay, so I understand that the CSE's will need to be installed on an XP or 
Server 2003 in order for the preferences to be applied. But I am trying to get 
my head around the management aspect. Now I could manage the settings from a 
server 2008 box, and I see that the RSAT will be needed for Vista, but what 
about management from an XP or Server 2003 box? Is there no management solution 
coming for those platforms? Will I be able to create manage GP preferences if I 
simply install the CSE's on a Server 2003 box?

 

Thanks,

 

Michael

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Tuesday, February 26, 2008 9:15 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

 

Good question Jamie. My guess is yes but of course, there are some extensions 
(like Office app settings and Outlook profile stuff) that MS did not ship with 
GPP. I will see if I can confirm the question with MS generally.


Darren

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Nelson, Jamie R
Sent: Tuesday, February 26, 2008 9:11 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

 

Will the GP Preference extensions process old PolicyMaker based settings? 
Haven't tested it yet, but thought I would check with the group to see if 
anyone knows offhand.

 

Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N 
T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | 
http://www.integrisok.com <http://www.integrisok.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Tuesday, February 26, 2008 11:02 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

 

Thanks for the update Scott. I heard some rumor about the 27th for this stuff 
formally appearing on the various download sites, so maybe tomorrow.

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Scott Klassen
Sent: Tuesday, February 26, 2008 8:59 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Group Policy Preference Client Side Extensions now available

 

Group Policy Preference Client Side Extensions are now live at the MS Download 
Center.  Still no sign of RSAT though.

 

Scott Klassen

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Monday, February 25, 2008 9:54 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Port Traffic For GPO

 

If this is not Vista clients, then the following should cover it:

 

ICMP

LDAP: TCP 389

SMB: TCP 445

RPC Port Mapper: TCP 135 and then >1024 after the RPC connection is set up.

Kerberos (Can't remember if this is UDP or TCP in all cases but Port 88)

 

Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jonathan Finkbiner
Sent: Monday, February 25, 2008 7:48 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Port Traffic For GPO

 

Quick and easy question: What TCP port(s?) does GPO traffic traverse? I have 
some software firewalls deployed in the field that I believe are blocking ports 
needed for proper application of policies.

 

Jonathan Finkbiner <mailto:jfinkbiner@xxxxxxx> 

Information Services

Support Analyst

Lifestyle Family Fitness <http://www.lff.com/> 

 

 

________________________________

This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).

 

________________________________

This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply). 

**********************************************************************
This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).


This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).

Other related posts: