[gptalk] Re: Script to add multiple GPOs with different restricted groups

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 16 Apr 2008 07:03:27 -0700


You can do most everything below except populating the restricted groups
settings with either GPMC scripts or my free PowerShell cmdlets that wrap
GPMC functionality (www.sdmsoftware.com/freeware.php). The population of
restricted groups is a little more complicated because it's not just as
simple as copying the gpttmpl.inf file into the SYSVOL part of the GPO. You
also need to make some modifications on the AD side of the GPO and increment
the versions appropriately to ensure the GPO gets processed. At the risk of
advertising, this is one of the reasons why we built our commercial GPExpert
Scripting Toolkit - to expose the ability to correctly populate GP settings
in an automated fashion.


In any case, if you go down this road and have problems, post your scripts
and we'll definitely help with them.





From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Hendrikus Terwint (SEDIRSI-Prestataire)
Sent: Wednesday, April 16, 2008 1:05 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Script to add multiple GPOs with different restricted


Hi again,


I looked at a GPO with Restricted Groups configured, and found a GptTmpl.inf
file in it (on the sysvol) - maybe this would do the job:

  • Export a GPO with some Restricted Groups configured

  • Build a script that modifies the GptTmpl.inf file with the right
    group SIDs and imports this to the newly linked GPOs... something like that


If anyone has another idea (or a script that does something alike), this
would be greatly appreciated :)


Best regards,



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Hendrikus Terwint (SEDIRSI-Prestataire)
Sent: Wednesday, April 16, 2008 09:55
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Script to add multiple GPOs with different restricted


Hello everybody,


Could anyone put me on the right track for a script that:

  • Runs through every child OU in the OU=Servers

  • Creates GPOs (GPO names built on child OU names)

  • Links the GPOs to the child OUs

  • Configures these GPOs with Restricted Groups

      o Different Restricted Groups for each GPO (group names built on child
        OU's names)


I was thinking of using the GPMC script "CreateGPO.wsf", then dynamically
modify a migtable file in order to import the appropriate Restricted Groups
into the GPOs...?

Maybe PowerShell could provide a solution?


Has anyone done this before?


Hendrikus TERWINT

Consultant Avanade France



Contractor on behalf of SEDI-RSI, Bagnolet site

Tel.: 01 55 82 39 70
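
The pieces mentioned in the reply at the top of this thread (the GptTmpl.inf content, the version increment, and the AD-side attribute), shown as an added example that is not part of the thread or any poster's code. The function names, SIDs and starting version number are constructed for illustration; nothing here writes to SYSVOL or AD.

```powershell
# Added example. Function names, SIDs and the starting version are constructed.
# Well-known values: Security CSE GUID and the Security Settings snap-in GUID.
$SecurityExtensionPair = '[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]'

function New-RestrictedGroupsInf {
    param(
        [Parameter(Mandatory)][string]$GroupSid,   # group whose membership is enforced
        [string[]]$MemberSids = @()                # the only members allowed to remain
    )
    foreach ($sid in (@($GroupSid) + $MemberSids)) {
        # Reject anything that is not a SID so no stray text lands in the template
        if ($sid -notmatch '^S-1-\d+(-\d+)+$') { throw "Not a SID: $sid" }
    }
    $members = ($MemberSids | ForEach-Object { "*$_" }) -join ','
    @(
        '[Unicode]', 'Unicode=yes',
        '[Version]', 'signature="$CHICAGO$"', 'Revision=1',
        '[Group Membership]',
        "*${GroupSid}__Memberof =",
        "*${GroupSid}__Members = $members"
    ) -join "`r`n"
}

function Step-GpoComputerVersion {
    param([Parameter(Mandatory)][uint32]$Version)
    # Low 16 bits count computer-side edits, high 16 bits count user-side edits
    if (($Version -band 0xFFFF) -eq 0xFFFF) { throw 'Computer version counter is full' }
    [uint32]($Version + 1)
}

# Constructed input: BUILTIN\Administrators restricted to one domain group
$inf = New-RestrictedGroupsInf -GroupSid 'S-1-5-32-544' `
    -MemberSids 'S-1-5-21-1111111111-2222222222-3333333333-512'
$newVersion = Step-GpoComputerVersion -Version 0x00020005   # user 2, computer 5

# Where each value belongs for a GPO with id {GUID}:
#  $inf        -> ...\Policies\{GUID}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf (Unicode)
#  $newVersion -> "Version=" in ...\Policies\{GUID}\GPT.INI and versionNumber on the GPO's AD object
#  $SecurityExtensionPair -> must be present in gPCMachineExtensionNames on the AD object
$inf
"New version: $newVersion"
```

If the GPT.INI and AD version numbers disagree, or the extension pair is missing from gPCMachineExtensionNames, clients can skip the security settings even though the template file is in place.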

