[THIN] Re: Group policy objects

When you make a change to a GPO, I think it changes the version number
in GPT.INI and in AD. Here's the process that I use from my notes (note
that this is for a MF server, hence the loopback setting).
 
How To Copy A GPO
 
- Create a new GPO and enable loopback. Make a modification to any
setting on the user side. (This step creates the folder structures -
ADM, User, etc., under the GUID folder in the SYSVOL share)
- Delete the ADM and USER folders from the new GPO's folder.
- Copy the ADM and USER folders from the source GPO to the new one.
(Note that this is because I do only User settings - you could do the
same thing with the Machine folder)
- Edit the new GPO - change one setting, change it back. (The point at
this step is to just make a change, which causes the GPT.INI and AD
version numbers to be modified and then be in sync, which makes
replication work properly. If they weren't in sync, AD could think that
it didn't need to replicate the policy's files to other DC's, and the
policy wouldn't work when users were authenticated to those DC's).
- Edit each folder redirection item. Changed one letter, change it back,
and save. (When you copy the objects in this way, the folder redirection
is copied, but won't be replicated unless you modify their contents. I
think this is because the GPT.INI and AD version number is a binary
flag, so even though it might match between the file and AD, you have to
make a change so that it flips the bit that tells it to replicate the
folder redirection settings).
 
  As a consultant who has created many GPO's, this procedure has saved
me countless hours. However, the GPMC renders this unnecessary. You
download the GPMC, put it on your XP laptop, and you can backup/restore,
copy, etc. GPO's to your heart's content. Note that in order to
*legally* use the GPMC, you have to have (I think) a Win2K3 server on
your network.
 
Jeff Durbin

 

 

        -----Original Message-----
        From: Brian Lilley [mailto:Brian.Lilley@xxxxxxxxxxxxx] 
        Sent: Friday, September 12, 2003 1:31 AM
        To: 'thin@xxxxxxxxxxxxx'
        Subject: [THIN] Re: Group policy objects
        
        
        Jeff, thanks to you and all for your responses....much
appreciated..
         
        When you say that the version numbers much match in GPT.INI and
the version held in AD, was what you said about 'making a change to one
of the settings in the GPO Admin Templates', intended to change the
version ID in AD.
         
        If you have time, could you expand on this slightly?
         
        Many thanks once again...
         
        Brianos :o)

                -----Original Message-----
                From: Durbin, Jeff [mailto:jdurbin@xxxxxxxxxxxxxxxxxxx]
                Sent: 11 September 2003 20:47
                To: thin@xxxxxxxxxxxxx
                Subject: [THIN] Re: Group policy objects
                
                
                That does work, but it doesn't transfer redirected
folder settings. Also, you can get into some trouble with replication
between domain controllers, i.e. they don't replicate. The GPT.INI file
contains a version number that must match the GPO's version which is
stored in AD. To make sure they replicate when you do it this way, be
sure to immediately make a change to one of the settings in the GPO
under Administrative Templates. Since the GPMC came out, that's the way
to go now. 
                 
                Jeff Durbin

                        -----Original Message-----
                        From: Joe shonk [mailto:jshonk_dhl@xxxxxxxxx] 
                        Sent: Thursday, September 11, 2003 10:55 AM
                        To: thin@xxxxxxxxxxxxx
                        Subject: [THIN] Re: Group policy objects
                        
                        
                        GPOs can be moved in Windows 2000, but not very
easily.
                         
                        Basically it involves setting up a blank GPO and
identifing the GUID for the object.  For the GPO you want to copy from,
idendify the object's GUID.  Then on the domain controller,  locate the
SYSVOL\{domain name}\policies\{copy from GUID}\ directory.  Copy it's
contents (dirs and all) to the SYSVOL\{domain name}\policies\{copy to
GUID}\ directory.
                         
                        Go edit the GPO, verify your settings and apply
the policy as needed.
                         
                        Joe
                        
                        Brian Lilley <Brian.Lilley@xxxxxxxxxxxxx> wrote:

                                does Windows 2000 do it??
                                
                                -----Original Message-----
                                From: Steven Sporen
[mailto:steven.sporen@xxxxxxxxxxxxx]
                                Sent: 11 September 2003 17:05
                                To: thin@xxxxxxxxxxxxx
                                Subject: [THIN] Re: Group policy objects
                                
                                
                                Windows 2003 allows you to export and
import the GPO's.
                                
                                -----Original Message-----
                                From: Brian Lilley
[mailto:Brian.Lilley@xxxxxxxxxxxxx] 
                                Sent: 11 September 2003 02:25
                                To: 'thin@xxxxxxxxxxxxx'
                                Subject: [THIN] Group policy objects
                                
                                
                                If a group policy was built in a test
environment... How would I move
                                this into production.??
                                
                                Is it a case of just copying a .gpo file
over and assigning it to
                                Sites/domains/OU's??
                                
                                thanks in advance..
                                
                                Brian Lilley
                                Systems Integration
                                
                                m +44 (0)7929 002501 
                                t +44 (0)1249 665421
                                e brian.lilley@xxxxxxxxxxxxxx
                                
                                
                                
        
**********************************************************************
                                The information contained in this e-mail
message is intended only for
                                the individuals named above. If you are
not the 
                                intended recipient, you should be aware
that any 
                                dissemination, distribution, forwarding
or other duplication 
                                of this communication is strictly
prohibited. The views 
                                expressed in this e-mail are those of
the individual author 
                                and not necessarily those of Vivista
Limited. 
                                Prior to taking any action based upon
this e-mail message 
                                you should seek appropriate confirmation
of its authenticity. If you
                                have received this e-mail in error,
please immediately 
                                notify the sender by using the e-mail
reply facility.
        
**********************************************************************
                                
                                
        
_____________________________________________________________________
                                
                                This message has been checked for all
known vi ruses on behalf of Vivista
                                by MessageLabs. 
                                
                                http://www.messagelabs.com or Email:
mailsweeper.info@xxxxxxxxxxxxx
                                
                                Vivista formerly Securicor Information
Systems for further information
                                http://www.vivista.co.uk 
                                
        
********************************************************
                                This Week's Sponsor: ThinPrint
                                http://www.thinprint.com
        
**********************************************************
                                Useful Thin Client Computing Links are
available at:
                                http://thethin.net/links.cfm
                                
                                For Archives, to Unsubscribe, Subscribe
or 
                                set Digest or Vacation mode use the
below link:
                                http://thethin.net/citrixlist.cfm
        
********************************************************
                                This Week's Sponsor: ThinPrint
                                http://www.thinprint.com
        
**********************************************************
                                Useful Thin Client Computing Links are
available at:
                                http://thethin.net/links.cfm
                                
                                For Archives, to Unsubscribe, Subscribe
or 
                                set Digest or Vacation mode use the
below link:
                                http://thethin.net/citrixlist.cfm
                                
        
_____________________________________________________________________
                                
                                This message has been checked for all
known viruses on behalf of Vivista by
                                MessageLabs. 
                                
                                http://www.messagelabs.com or Email:
mailsweeper.info@xxxxxxxxxxxxx
                                
                                Vivista formerly Securicor Information
Systems for further information
                                http://www.vivista.co.uk 
                                
                                
                                
        
**********************************************************************
                                The information contained in this e-mail
message is intended
                                only for the individuals named above. If
you are not the 
                                intended recipient, you should be aware
that any 
                                dissemination, distribution, forwarding
or other duplication 
                                of this communication is strictly
prohibited. The views 
                                expressed in this e-mail are those of
the individual author 
                                and not necessarily those of Vivista
Limited. 
                                Prior to taking any action based upon
this e-mail message 
                                you should se ek appropriate
confirmation of its authenticity.
                                If you have received this e-mail in
error, please immediately 
                                notify the sender by using the e-mail
reply facility.
        
**********************************************************************
                                
                                
        
_____________________________________________________________________
                                
                                This message has been checked for all
known viruses on behalf of Vivista by MessageLabs. 
                                
                                http://www.messagelabs.com or Email:
mailsweeper.info@xxxxxxxxxxxxx
                                
                                Vivista formerly Securicor Information
Systems for further information http://www.vivista.co.uk 
                                
        
********************************************************
                                This Week's Sponsor: ThinPrint
                                http://www.thinprint.com
        
**********************************************************
                                Useful Thin Client Computing Links are
available at:
                                http://thethin.net/links.cfm
                                
                                For Archives, to Unsubscribe, Subscribe
or 
                                set Digest or Vacation mode use the
below link:
                                http://thethin.net/citrixlist.cfm

                        
  _____  

                        Do you Yahoo!?
                        Yahoo! SiteBuilder
<http://us.rd.yahoo.com/evt=10469/*http://sitebuilder.yahoo.com>  -
Free, easy-to-use web site design software


        
_____________________________________________________________________
                
                This message has been checked for all known viruses on
behalf of Vivista by MessageLabs. 
                
                http://www.messagelabs.com or Email:
mailsweeper.info@xxxxxxxxxxxxx
                
                Vivista formerly Securicor Information Systems for
further information http://www.vivista.co.uk 
                
                
                

        
        
        
**********************************************************************
        The information contained in this e-mail message is intended
        only for the individuals named above. If you are not the 
        intended recipient, you should be aware that any 
        dissemination, distribution, forwarding or other duplication 
        of this communication is strictly prohibited. The views 
        expressed in this e-mail are those of the individual author 
        and not necessarily those of Vivista Limited. 
        Prior to taking any action based upon this e-mail message 
        you should seek appropriate confirmation of its authenticity.
        If you have received this e-mail in error, please immediately 
        notify the sender by using the e-mail reply facility.
        
**********************************************************************
        
        
_____________________________________________________________________
        
        This message has been checked for all known viruses on behalf of
Vivista by MessageLabs. 
        
        http://www.messagelabs.com or Email:
mailsweeper.info@xxxxxxxxxxxxx
        
        Vivista formerly Securicor Information Systems for further
information http://www.vivista.co.uk 
        
        

Other related posts: