Darren, A new AD-based security group has no "description" text until added. The point is that it has a 'placeholder' for it. In the case of GPOs, we'd have to 'build it in' using some kind of "Hey script...this OU already has a default Starter GPO used for this 'xxx' server, so no need to add it again". As I noted, possibly a manually added file in the Starter GPO's SYSVOL location, perhaps additional values in the Gpt.Ini file (mmm...that might cause problems for Microsoft), or perhaps something in the 'friendly name' could be used. Just trying to get creative here and spawn other ideas. Jerry From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Wednesday, July 02, 2008 2:01 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: starter GPOs Jerry- Thanks for the feedback. The way Starter GPOs work today, there is no trace of them in the GPO that gets created using them as a template, nor is there any notion of a Starter GPO being linked to a container. So it might be pretty tough to be able to do some of the things that you want below. But some of the other things, like linking GPOs and permissioning GPOs are already handled by my GPMC cmdlets. The creation of new GPOs from Starters is what I'm about to release in the next version of the GPMC cmdlets. So, all of this should be highly do-able from a PowerShell or general automation perspective. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Cruz, Jerome L Sent: Tuesday, July 01, 2008 11:30 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: starter GPOs Hi Darren, Not yet... however we do plan to use them. So I'll give you a 'starter', starter GPO. Our Enterprise Multi-user Technology folks have a model where they centrally design the standard Windows Terminal Server GPOs. The actual consumers (the distributed GPO Admin for the terminal servers) then use that as a "starting point" GPO. We plan to use "Starter GPOs" for that. Considering that many of our server images are based upon selection of a scripted Server Role (Base Image + Specific Server role), programmatically being able to add the GPO to the correct server OU location would be helpful. From that 'scripting' standpoint, other helpful options would be the ability to detect whether a starter GPO was already linked to an OU (and therefore a new one would not be required) by one of several attributes (e.g. possibly full name or partial GPO Name lookup, possibly the option to look up a special GPO SYSVOL file tag-possibly a specific file added to the GPO in SYSVOL indicating the specific kind of GPO that exists, perhaps a full or partial text string look up in the comments section, etc.). Also the ability to change the default "Edit" permissions to that of a security group (which contains the OU level 'group' of folks which 'should have' access-the point being to eliminate one additional manual configuration step). Let's see if the info above initiates additional ideas. Bueller here... no, I mean... Jerry Cruz here Group Policies Product Manager | Boeing IT From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Tuesday, June 24, 2008 3:31 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] starter GPOs Hey folks- As many of you know, I have some free PowerShell cmdlets that I provide that wrap the GPMC APIs. I'm looking at updating those for some of the new GPMC features and am trying to figure out if anyone out there is actually using Starter GPOs? Anyone? Bueller? Bueller? :) Thanks, Darren Darren Mar-Elia For comprehensive Windows Group Policy Information, check out www.gpoguy.com<http://www.gpoguy.com/>-- the best source for GPO FAQs, video training, tools and whitepapers. Also check out the Windows Group Policy Guide<http://www.amazon.com/gp/product/0735622175/qid=1122367169/sr=8-1/ref=pd_bbs_1/104-1133146-9411929?v=glance&n=283155>, the definitive resource for Group Policy information.