Thank you.........I suspected my logic was not correct and I needed clarification. I appreciate the clear and thorough answers from you guys! Jack ________________________________ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Thorbjörn Sjövold Sent: Wednesday, April 25, 2007 4:12 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Moving Test Policies into Production Jack, perhaps I misunderstand, but when you say "rename", do you mean like hacking the GUID or changing the display name? Because GPOs are not identified to the system by (display) name, but rather GUIDs, and just changing the display name will not do anything different to your clients. The by far best method to accomplish the migration of GP settings from a testing environment or OU to a live environment, is to set up a programmatic process using the GPMC APIs (instead of doing it manually) that you can access from for example from VBScript, PowerShell or a regular programming language if you prefer that, this way you can move GPOs from test to live really fast and reduce the chance of human errors, over and over again. Here is the MSDN docs for GPMC: http://msdn2.microsoft.com/en-us/library/aa814316.aspx In this case you describe you could either manage the links, i.e. remove them from the old GPO and add to the new GPO using IGPMGPOLink GPMC interface or what is normally the case when moving from test to live environment, use the backup/import methods (this is actually something you can do from the GPMC GUI directly if you do not like the more automated approach, select your test GPO, right click, back it up and then select your live GPO, right click and do an import). Be vary though since that basically means that you will replace all the settings in the GPO you import into. It is not possible to only move certain settings but rater it is a all or nothing approach. Consider yourself warned, I have seen some nasty things in really large environments caused by a few, not to well prepared, mouse clicks... The same warning goes for doing it using the APIs, but the organizations doing it this way normally have a more process oriented way of working with Group Policy. When the TechNet magazine downloads are uploaded for the May issue, see the link below, there is actually a number of GP management samples using PowerShell that you can download and one of the functions is named CopyGpo() that would fit your needs pretty well. http://www.microsoft.com/technet/technetmag/codeDownload.aspx?year=2007 But if you are still a VBScript/COM guy, there is actually a WSH script that comes with GPMC that does the exact same thing, the script is located here %ProgramFiles%\GPMC\Scripts\CopyGPO.wsf (on a computer with GPMC), and is pretty straight forward to use. HTH, Thorbjörn Sjövold Special Operations Software www.specopssoft.com <http://www.specopssoft.com> thorbjorn.sjovold a t specopssoft.com Download our free tool for remote Gpupdate with graphical reporting, http://www.specopssoft.com/products/specopsgpupdate/ <http://www.specopssoft.com/products/specopsgpupdate/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Kopenski, Jack Sent: den 25 april 2007 19:26 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Moving Test Policies into Production Hi, I am trying to identify a good method of moving group policies from a testing phase, to a production mode. I have 50 OU's (offices) and each has a "computer" OU. I have a single GPO called "WiFi Settings" that all 50 are linked to. I also have a "Test" OU where I am testing a revised policy called "WiFi2 Settings". Now that I am done testing the revised policy, and rather than link the "WiFi2 Settings" GPO to all 50 production OU's, can I simply disable the link to "WiFi Settings", rename it to "WiFi Old", and rename "WiFi2 Settings" to "WiFi Settings"? By the way, this GPO runs a script so there are files involved. By renaming the original GPO to "old", and renaming the new one to name all 50 OU's were originally linked to, will that cause any problems, or is there better process? Thank you, Jack The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it. The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it.