[gptalk] Re: Group Policy Preference Client Side Extensions now available

  • From: Thorbjörn Sjövold <thorbjorn.sjovold@xxxxxxxxxxxxxxx>
  • To: "gptalk@xxxxxxxxxxxxx" <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 27 Feb 2008 21:54:54 +0100

"Get-SDMgpo | Where-Object {$_.ContainsPolicyMakerStuff -eq $true} | 
Update-SDMPolicyMakerToGpp"

Darren, here you go, I have done my part, now you just fill in the blanks ;)


Looking forward to the beer Jamie!




From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Nelson, Jamie R
Sent: den 27 februari 2008 15:35
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

I figured it would be a pain. We have a significant amount of time invested in 
PolicyMaker GPOs and it will kind of stink to redo everything in GPP. I'll be 
at MMS and I think we should drink beer regardless. :)

Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N 
T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | 
http://www.integrisok.com<http://www.integrisok.com/>

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thorbjörn Sjövold
Sent: Tuesday, February 26, 2008 5:18 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

The new GPP CSEs and the older PolicyMaker CSEs does not seem to use the same 
GP Extension GUIDs and hence it is not possible to use the PolicyMaker CSEs 
with the new GPP editor or vice versa. There is most likely a number of reasons 
for this change of GUIDs (even though that the actual extensions most likely 
have not changed much), where dropped support ASAP for the old PolicyMaker CSEs 
most likely is number one. If Microsoft "reused" the PolicyMaker CSE GUIDs then 
they would have to test every future change in GPP against the older 
PolicyMaker CSEs to make sure it does not break, and adding unnecessary test 
scenarios is nothing the GP teams dreams of :), they have quite a few 
already... Also the old PolicyMaker CSEs relied on some sort of licensing 
extension (that I think now is removed) that would mess things up. Actually I 
think to some degree that it is a good thing with the GUID change to let MS 
have a fresh start, since besides from GP Gurus on this list of course :), a 
devastating majority of the organizations that will now use GPP, does not have 
PolicyMaker and thus the number of migrations will be extremely few compared to 
the number of new installations. Not that that does not mean it will be a lot 
of planning and work involved for those that have PolicyMaker :(, but a 
migration tool would be nice of course ...

Regarding the need for RSAT/2008/Vista SP1 to manage GPP, PolicyMaker was all 
XML files, so unless this changed (and I doubt it since GPP requires no schema 
changes AFAIK), and you feel lucky (and are absolutely not allowed to install 
2008/Vista SP1 for some reason), you can bring out Notepad on any box followed 
by a quick call to IGroupPolicyObject:Save with the new GUIDs :), if you are 
going to MMS or TechEd, we'll figure it out together over a few beers. Of 
course when Darren extends his Scripting Toolkit for PowerShell with GPP (and 
just add PowerGUI if you prefer to click instead of script) you have everything 
you ever dreamed of and you do not have to rely on luck or drinking beer with 
me :)

Thorbjörn Sjövold
Special Operations Software
www.specopssoft.com
thorbjorn.sjovold a t specopssoft.com

Download our free tool for remote Gpupdate with graphical reporting, 
http://www.specopssoft.com/products/specopsgpupdate/




From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Scott Klassen
Sent: den 26 februari 2008 19:38
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

Nope, nor will you be able to create them, since they are invisible to any tool 
other than the new GPMC (GPOE?) included in the RSAT tools.  RSAT is included 
with Server 2008, and we're waiting for the downloadable version which can only 
be installed on Vista SP1.  So, in order to use GPP, you will need at a 
minimum:  the extensions deployed out to your client systems (XP, Vista, and 
server 2003), one Vista SP1 management workstation, and the RSAT tools.

Probably ought to mention, that GPP is only applicable for Group Policy, not 
Local Policy.

Scott Klassen

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Michael Pietrzak
Sent: Tuesday, February 26, 2008 11:38 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

Okay, so I understand that the CSE's will need to be installed on an XP or 
Server 2003 in order for the preferences to be applied. But I am trying to get 
my head around the management aspect. Now I could manage the settings from a 
server 2008 box, and I see that the RSAT will be needed for Vista, but what 
about management from an XP or Server 2003 box? Is there no management solution 
coming for those platforms? Will I be able to create manage GP preferences if I 
simply install the CSE's on a Server 2003 box?

Thanks,

Michael

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Tuesday, February 26, 2008 9:15 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

Good question Jamie. My guess is yes but of course, there are some extensions 
(like Office app settings and Outlook profile stuff) that MS did not ship with 
GPP. I will see if I can confirm the question with MS generally.

Darren


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Nelson, Jamie R
Sent: Tuesday, February 26, 2008 9:11 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

Will the GP Preference extensions process old PolicyMaker based settings? 
Haven't tested it yet, but thought I would check with the group to see if 
anyone knows offhand.

Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N 
T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | 
http://www.integrisok.com<http://www.integrisok.com/>

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Tuesday, February 26, 2008 11:02 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy Preference Client Side Extensions now 
available

Thanks for the update Scott. I heard some rumor about the 27th for this stuff 
formally appearing on the various download sites, so maybe tomorrow.


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Scott Klassen
Sent: Tuesday, February 26, 2008 8:59 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Group Policy Preference Client Side Extensions now available

Group Policy Preference Client Side Extensions are now live at the MS Download 
Center.  Still no sign of RSAT though.

Scott Klassen

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Monday, February 25, 2008 9:54 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Port Traffic For GPO

If this is not Vista clients, then the following should cover it:

ICMP
LDAP: TCP 389
SMB: TCP 445
RPC Port Mapper: TCP 135 and then >1024 after the RPC connection is set up.
Kerberos (Can't remember if this is UDP or TCP in all cases but Port 88)

Darren

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jonathan Finkbiner
Sent: Monday, February 25, 2008 7:48 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Port Traffic For GPO

Quick and easy question: What TCP port(s?) does GPO traffic traverse? I have 
some software firewalls deployed in the field that I believe are blocking ports 
needed for proper application of policies.

Jonathan Finkbiner<mailto:jfinkbiner@xxxxxxx>
Information Services
Support Analyst
Lifestyle Family Fitness<http://www.lff.com/>


________________________________
This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).

________________________________
This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).
________________________________
This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).

________________________________
This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).

Other related posts: