WEBVTT 00:03.050 --> 00:03.550 Okay. 00:03.560 --> 00:07.280 So let's go ahead and take a spin around the PowerShell group policy module. 00:08.210 --> 00:10.190 I'm going to go ahead and start PowerShell. 00:10.280 --> 00:14.780 But when I do it, I'm going to run it as administrator because there are certain operations I'm going 00:14.780 --> 00:18.590 to want to perform against GPOs that are going to need my full admin permission. 00:19.460 --> 00:23.120 So I'm going to go ahead and do that in PowerShell. 00:23.120 --> 00:28.220 V4, Microsoft introduced this concept that's sort of on demand module loading where you could type 00:28.220 --> 00:33.170 the name of a command lit, and if the module wasn't already imported, you could it would automatically 00:33.170 --> 00:34.310 imported by default. 00:35.180 --> 00:40.490 But if you're not in that version, you can just type import module, name, group policy and the module 00:40.490 --> 00:41.210 gets imported. 00:42.110 --> 00:45.500 Now remember, I type get command module, group policy. 00:46.320 --> 00:51.060 And it gives me a list of the command lists and aliases that are available in this module, in this 00:51.060 --> 00:52.230 group policy module. 00:53.070 --> 00:56.400 And so the simplest one that I'm going to start with is get GPO. 00:57.240 --> 01:00.840 So get GPO, lets me get a reference to a group policy object. 01:01.740 --> 01:08.640 So I'm going to typically I'm going to use the command lit tab completion to show you some of the parameters 01:08.640 --> 01:09.840 that are available here. 01:10.710 --> 01:16.410 So I can provide a name, I can provide a grid, I can provide a domain if I want to get access to GPOs 01:16.410 --> 01:22.200 in different domains other than the one I'm currently in and I can tell it which server or DC I want 01:22.200 --> 01:25.770 to connect to to get this information so I can specify a DC. 01:26.660 --> 01:29.990 I can also with GPIO use the all parameter. 01:30.830 --> 01:37.550 And what this is going to do if I hit enter is it returns a list of all the GPOs in my domain and you'll 01:37.550 --> 01:45.380 see that it's got for a given GPO the display name, the domain name, the owner of the GPO, the grid 01:45.380 --> 01:49.370 or ID of the GPO, the status of the GPO. 01:50.150 --> 01:55.670 Any description which is the comment field created modified times and then the user and computer versions 01:55.670 --> 01:58.940 and any WMI filters that might be linked to this GPO. 01:59.750 --> 02:04.820 Now, if I wanted to just get information about one GPO, I could just type name and then lock down 02:04.820 --> 02:06.170 policy, for example. 02:07.010 --> 02:11.630 Or let's use the last one on the list, which is scripts policy, and I can go ahead and get scripts 02:11.630 --> 02:12.200 policy. 02:13.060 --> 02:15.220 I can also assign this to a variable. 02:16.120 --> 02:22.780 So if I go to GPO equals get GPO name scripts policy then now dollar GPO represents this GPO and I can 02:22.780 --> 02:24.100 do some modification on it. 02:24.970 --> 02:28.290 So for example, you see the GPO status property here. 02:28.300 --> 02:32.040 And remember I mentioned there is no direct conflict for modifying status. 02:32.050 --> 02:33.130 But what if I do this? 02:34.060 --> 02:40.930 So what if I said dollar, dollar, dollar, GPO, GPO status, it returns all settings enabled. 02:41.830 --> 02:47.350 Now I happen to know that that's an enumeration that lists or that that contains all the possible values. 02:48.250 --> 02:55.390 So if I were to say dollar GPO status equals zero and then go back and say dollar status, all settings 02:55.390 --> 02:56.440 are disabled now. 02:57.310 --> 03:00.430 And that's actually been changed in the GPO permanently. 03:01.270 --> 03:05.770 You'll see here now that the property or the status on the GPO is set to disabled. 03:06.640 --> 03:09.700 So I can make modifications to certain properties. 03:10.630 --> 03:15.010 Not all properties are modifiable, but in that one, in that particular case it was. 03:15.020 --> 03:19.420 So I was able to make a settings or status change to that GPO using PowerShell. 03:20.290 --> 03:25.960 So there's a lot of flexibility in what you get with the PowerShell command lets and I'm going to talk 03:25.960 --> 03:32.110 more about those and I wanted to just kind of introduce you to the module, get you familiar with some 03:32.110 --> 03:37.660 of the basics and the get GPO Command Let is probably the most basic one you'll start with.