[gptalk] Re: Moving Test Policies into Production

  • From: "Kopenski, Jack" <Jack.Kopenski@xxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 26 Apr 2007 10:00:13 -0400

Thank you.........I suspected my logic was not correct and I needed 
clarification.  I appreciate the clear and thorough answers from you guys!
 
Jack

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thorbjörn Sjövold
Sent: Wednesday, April 25, 2007 4:12 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Moving Test Policies into Production



Jack,

 

perhaps I misunderstand, but when you say "rename", do you mean like hacking 
the GUID or changing the display name? Because GPOs are not identified to the 
system by (display) name, but rather GUIDs, and just changing the display name 
will not do anything different to your clients.

 

The by far best method to accomplish the migration of GP settings from a 
testing environment or OU to a live environment, is to set up a programmatic 
process using the GPMC APIs (instead of doing it manually) that you can access 
from for example from VBScript, PowerShell or a regular programming language if 
you prefer that, this way you can move GPOs from test to live really fast and 
reduce the chance of human errors, over and over again. 

 

Here is the MSDN docs for GPMC:

http://msdn2.microsoft.com/en-us/library/aa814316.aspx

 

In this case you  describe you could either manage the links, i.e. remove them 
from the old GPO and add to the new GPO using IGPMGPOLink GPMC interface or 
what is normally the case when moving from  test to live environment, use the 
backup/import methods (this is actually something you can do from the GPMC GUI 
directly if you do not like the more automated approach, select your test GPO, 
right click, back it up and then select your live GPO, right click and do an 
import). Be vary though since that basically means that you will replace all 
the settings in the GPO you import into. It is not possible to only move 
certain settings but rater it is a all or nothing approach. Consider yourself 
warned, I have seen some nasty things in really large environments caused by a 
few, not to well prepared, mouse clicks... The same warning goes for doing it 
using the APIs, but the organizations doing it this way normally have a more 
process oriented way of working with Group Policy.

 

When the TechNet magazine downloads are uploaded for the May issue, see the 
link below, there is actually a number of GP management samples using 
PowerShell that you can download and one of the functions is named CopyGpo() 
that would fit your needs pretty well.

http://www.microsoft.com/technet/technetmag/codeDownload.aspx?year=2007

 

But if you are still a  VBScript/COM guy, there is actually a WSH script that 
comes with GPMC that does the exact same thing, the script is located here 
%ProgramFiles%\GPMC\Scripts\CopyGPO.wsf (on a computer with GPMC), and is 
pretty straight forward to use.

 

 

HTH, 

 

Thorbjörn Sjövold

Special Operations Software

www.specopssoft.com <http://www.specopssoft.com> 

thorbjorn.sjovold a t specopssoft.com

 

Download our free tool for remote Gpupdate with graphical reporting, 
http://www.specopssoft.com/products/specopsgpupdate/ 
<http://www.specopssoft.com/products/specopsgpupdate/> 

 

 

 

 

 

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Kopenski, Jack
Sent: den 25 april 2007 19:26
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Moving Test Policies into Production

 

 

Hi, 

I am trying to identify a good method of moving group policies from a testing 
phase, to a production mode.  I have 50 OU's (offices) and each has a 
"computer" OU.  I have a single GPO called "WiFi Settings" that all 50 are 
linked to.  

I also have a "Test" OU where I am testing a revised policy called "WiFi2 
Settings".  Now that I am done testing the revised policy, and rather than link 
the "WiFi2 Settings" GPO to all 50 production OU's, can I simply disable the 
link to "WiFi Settings", rename it to "WiFi Old", and rename "WiFi2 Settings" 
to "WiFi Settings"?  By the way, this GPO runs a script so there are files 
involved.

By renaming the original GPO to "old", and renaming the new one to name all 50 
OU's were originally linked to, will that cause any problems, or is there 
better process?

Thank you, 

Jack 


The contents of this e-mail are intended for the named addressee only. It 
contains information that may be confidential. Unless you are the named 
addressee or an authorized designee, you may not copy or use it, or disclose it 
to anyone else. If you received it in error please notify us immediately and 
then destroy it.


The contents of this e-mail are intended for the named addressee only. It 
contains information that may be confidential. Unless you are the named 
addressee or an authorized designee, you may not copy or use it, or disclose it 
to anyone else. If you received it in error please notify us immediately and 
then destroy it. 

Other related posts: