[gptalk] Re: starter GPOs

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 2 Jul 2008 15:57:42 -0700

Ah, I get it now. Yes, one possibility is to populate the GPO's comment
field as you create it anew from the Starter. That's actually fairly easy to
script as there is now a Description property on GPOs that is read-write. 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Cruz, Jerome L
Sent: Wednesday, July 02, 2008 3:53 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: starter GPOs




A new AD-based security group has no "description" text until added. The
point is that it has a 'placeholder' for it. In the case of GPOs, we'd have
to 'build it in' using some kind of "Hey script...this OU already has a
default Starter GPO used for this 'xxx' server, so no need to add it again".
As I noted, possibly a manually added file in the Starter GPO's SYSVOL
location, perhaps additional values in the Gpt.Ini file (mmm...that might
cause problems for Microsoft), or perhaps something in the 'friendly name'
could be used. Just trying to get creative here and spawn other ideas.




From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Wednesday, July 02, 2008 2:01 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: starter GPOs



Thanks for the feedback. The way Starter GPOs work today, there is no trace
of them in the GPO that gets created using them as a template, nor is there
any notion of a Starter GPO being linked to a container. So it might be
pretty tough to be able to do some of the things that you want below. But
some of the other things, like linking GPOs and permissioning GPOs are
already handled by my GPMC cmdlets. The creation of new GPOs from Starters
is what I'm about to release in the next version of the GPMC cmdlets. So,
all of this should be highly do-able from a PowerShell or general automation




From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Cruz, Jerome L
Sent: Tuesday, July 01, 2008 11:30 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: starter GPOs


Hi Darren,


Not yet...however we do plan to use them. So I'll give you a 'starter',
starter GPO. Our Enterprise Multi-user Technology folks have a model where
they centrally design the standard Windows Terminal Server GPOs. The actual
consumers (the distributed GPO Admin for the terminal servers) then use that
as a "starting point" GPO. We plan to use "Starter GPOs" for that.


Considering that many of our server images are based upon selection of a
scripted Server Role (Base Image + Specific Server role), programmatically
being able to add the GPO to the correct server OU location would be
helpful. From that 'scripting' standpoint, other helpful options would be
the ability to detect whether a starter GPO was already linked to an OU
(and therefore a new one would not be required) by one of several attributes
(e.g. possibly full name or partial GPO Name lookup, possibly the option to
look up a special GPO SYSVOL file tag - possibly a specific file added to the
GPO in SYSVOL indicating the specific kind of GPO that exists, perhaps a
full or partial text string look up in the comments section, etc.). Also the
ability to change the default "Edit" permissions to that of a security group
(which contains the OU level 'group' of folks which 'should have' access - the
point being to eliminate one additional manual configuration step).


Let's see if the info above initiates additional ideas.


Bueller here...no, I mean...Jerry Cruz here

Group Policies Product Manager | Boeing IT


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Tuesday, June 24, 2008 3:31 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] starter GPOs


Hey folks-

As many of you know, I have some free PowerShell cmdlets that I provide that
wrap the GPMC APIs. I'm looking at updating those for some of the new GPMC
features and am trying to figure out if anyone out there is actually using
Starter GPOs? Anyone? Bueller? Bueller? :-)






Darren Mar-Elia

For comprehensive Windows Group Policy Information, check out www.gpoguy.com
<http://www.gpoguy.com/> -- the best source for GPO FAQs, video training,
tools and whitepapers. Also check out the Windows Group Policy Guide, the
definitive resource for Group Policy information.
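
The check-then-create flow discussed in this thread, as an added example that is not part of the original messages and does not use the GPMC cmdlets mentioned in them: it calls the GPMC COM interfaces directly from PowerShell, looks for a marker in the Description of GPOs already linked to an OU, and only when none is found creates a GPO from the Starter, stamps its Description and links it. The domain, OU, Starter GPO name and marker format are assumptions.

```powershell
# Added example. Domain, OU, Starter GPO name and tag format are hypothetical.
$DomainName  = 'corp.example'
$OuPath      = 'OU=TerminalServers,DC=corp,DC=example'
$StarterName = 'TS-Baseline'
$Tag         = "[FromStarter:$StarterName]"   # marker stored in the comment field

$gpm    = New-Object -ComObject GPMgmt.GPM
$const  = $gpm.GetConstants()
$domain = $gpm.GetDomain($DomainName, '', $const.UseAnyDC)
$som    = $domain.GetSOM($OuPath)             # the OU as a scope of management

# 1. Is a GPO carrying the marker already linked to this OU?
$existing = $null
foreach ($link in $som.GetGPOLinks()) {
    if ($link.GPODomain -ne $DomainName) { continue }   # skip cross-domain links
    try   { $linked = $domain.GetGPO($link.GPOID) }
    catch { continue }                                  # orphaned link, GPO is gone
    if ($linked.Description -like "*$Tag*") { $existing = $linked; break }
}
if ($existing) {
    Write-Output "'$($existing.DisplayName)' from $StarterName is already linked; nothing to do."
    return
}

# 2. Locate the Starter GPO by display name (empty criteria returns all of them).
$starter = $null
foreach ($s in $domain.SearchStarterGPOs($gpm.CreateSearchCriteria())) {
    if ($s.DisplayName -eq $StarterName) { $starter = $s; break }
}
if (-not $starter) { throw "Starter GPO '$StarterName' not found in $DomainName" }

# 3. Create the GPO, record its origin in the read-write Description, then link it.
$gpo = $domain.CreateGPOFromStarterGPO($starter)
$gpo.DisplayName = "$StarterName - $(($OuPath -split ',')[0] -replace '^OU=')"
$gpo.Description = "$Tag created $(Get-Date -Format s) by $env:USERNAME"
[void]$som.CreateGPOLink(-1, $gpo)            # -1 appends at the end of the link order
Write-Output "Created and linked '$($gpo.DisplayName)' ($($gpo.ID))"
```

Because the Description is editable by anyone with edit rights on the GPO, treat the marker as an inventory hint for automation, not as proof of what settings the GPO contains.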



