WEBVTT 00:03.070 --> 00:07.120 So let's run through some of these command letters that I just used in the past slides. 00:07.990 --> 00:10.360 So let's go ahead and create a new GPO. 00:11.140 --> 00:15.580 And again, I'm going to use the new GPO Command, let with a name of test policy. 00:16.420 --> 00:21.040 And what you see is it returns information about the GPO as it's being created. 00:21.910 --> 00:23.350 So it got the name. 00:24.190 --> 00:25.510 It's got the domain name. 00:25.510 --> 00:28.000 The owner ad version, of course, is zero. 00:28.840 --> 00:34.060 If I come back into PMC, go up and refresh my group policy objects container, you'll see that. 00:34.060 --> 00:36.250 Sure enough, it's created that GPO. 00:37.060 --> 00:41.740 Now, what I want to do is rename this GPO using the renamed GPO Command Lit. 00:42.670 --> 00:44.950 So let's go ahead and paste that command in. 00:45.820 --> 00:48.520 So we'll do renamed GPO Name Test Policy. 00:49.340 --> 00:52.910 And I'm going to give it a new target name of marketing lockdown policy. 00:53.750 --> 00:54.710 And there we go. 00:55.560 --> 00:56.820 I've just renamed it. 00:57.750 --> 01:03.630 So if I again come back into AMC, if I hit a five, you'll notice that it just got switched to marketing 01:03.630 --> 01:04.200 lockdown. 01:05.040 --> 01:10.230 And after all that, I can go ahead and say, remove GPO Marketing Lockdown, give it the name parameter 01:10.230 --> 01:11.610 just to keep everything clear. 01:11.670 --> 01:12.180 Marketing. 01:12.180 --> 01:13.200 Lockdown Policy. 01:14.030 --> 01:15.560 And it deletes the GPO. 01:15.590 --> 01:16.940 No fuss, no muss. 01:17.830 --> 01:21.170 Again, come up to AMC, hit refresh, and it's gone. 01:22.000 --> 01:27.580 Now, remember I said that you could easily get a count of all GPOs using the GPIO command, let with 01:27.580 --> 01:31.150 the wall parameter and passing it as an expression to the count property. 01:31.980 --> 01:35.280 And there I got I've got 28 GPOs in this domain. 01:36.150 --> 01:37.140 So all good. 01:38.040 --> 01:42.120 So now what I want to do is I want to get some information about some existing GPOs. 01:42.150 --> 01:47.040 I've got this locked down policy, locked down GPO, and I'm going to go ahead and get the permissions 01:47.040 --> 01:47.460 on this. 01:48.390 --> 01:51.570 So I'm going to go ahead and get the permissions on the GPO. 01:52.410 --> 01:55.220 So get GP permission of the name lock down policy. 01:55.230 --> 01:57.990 And I'm going to say I want all permissions on the GPO. 01:58.830 --> 02:02.730 So now what it did is it returned four objects for each different permission. 02:03.630 --> 02:06.660 Here's authenticated users with the GPO apply permission. 02:06.690 --> 02:12.330 That's basically that security filter that lets that authenticated users group groups process this policy. 02:13.200 --> 02:16.560 Now, what I want to do is go ahead and set the permissions. 02:17.460 --> 02:21.480 Now I'm going to go ahead and clear the screen here so that I can get a fresh canvas. 02:22.350 --> 02:25.540 Now, what I want to do is set permissions on that lock down policy. 02:25.560 --> 02:27.930 So I'm going to go ahead and copy that command in. 02:28.770 --> 02:31.920 And what I'm going to do is set permissions on the lock down policy. 02:32.010 --> 02:34.500 Permission level is going to be oops. 02:35.400 --> 02:40.830 Let me get back to my parameter here and I'll show you the possible permissions. 02:41.730 --> 02:43.860 So I can have possibly GPO custom. 02:43.890 --> 02:45.180 I'm going to use GPO. 02:45.180 --> 02:47.190 Edit Target name is the sales admin. 02:47.190 --> 02:49.320 So you are group and the target type is group. 02:50.190 --> 02:55.770 So now if I do a get permission on the lockdown policy, get GP permission on name lockdown policy. 02:56.610 --> 02:57.900 Use the all parameter. 02:57.900 --> 03:00.660 And now I've got that sales admins group that's been added. 03:01.530 --> 03:07.140 So now let's go ahead and clear the screen again and let's go ahead and do a linking of our lockdown 03:07.140 --> 03:08.520 policy to an you. 03:09.360 --> 03:14.700 So we've got our users marketing our you and I specified the lock down GPO with the new link command 03:14.700 --> 03:19.680 lit and I want to tell it that the link enabled is yes and the order is number one. 03:20.550 --> 03:25.800 So let's go ahead and issue that command and it comes back and tells me that it did it. 03:26.700 --> 03:28.710 And if I come into the marketing users. 03:28.710 --> 03:29.610 Oh, you up here? 03:30.450 --> 03:31.620 And hit refresh. 03:32.540 --> 03:33.020 You'll see. 03:33.020 --> 03:35.510 I've got my lockdown policy all linked up there. 03:36.380 --> 03:41.570 Now, if I wanted to, for example, change that link to be enforced, I can come back into PowerShell 03:41.570 --> 03:48.850 and paste in the said link GP link command lit again with the target of the EU and enforce set to. 03:48.860 --> 03:50.600 You can't see it here but it's set to. 03:50.600 --> 03:56.810 Yes and if I hit enter and come back to EMC and hit refresh, you'll note the little lock symbol that 03:56.810 --> 03:57.730 just showed up there. 03:57.770 --> 03:59.450 So I've been able to do that refresh. 04:00.350 --> 04:02.570 Now let's look at backing up GPOs. 04:03.450 --> 04:04.020 Again. 04:04.020 --> 04:07.110 We've got lots of capabilities within PowerShell to do this. 04:08.010 --> 04:12.000 The backup GPIO command, let give it the GPO name. 04:12.000 --> 04:14.160 Give it the path to the to the backup folder. 04:14.160 --> 04:17.940 And a comment in this case, lock down PowerShell lock down policy. 04:17.940 --> 04:18.900 PowerShell backup. 04:19.710 --> 04:24.240 And it takes a little bit to run, but then it comes back, tells me that it's made the backup. 04:25.080 --> 04:27.570 Now this is the backup ID that was created. 04:28.410 --> 04:33.230 And if I go into my backup folder, let me just go back up here to my GPO backups folder. 04:33.240 --> 04:38.460 You'll see that the 76 B corresponds to the folder name and that's the the actual backup ID. 04:39.600 --> 04:45.690 So when it comes time to do a restore or an import and I have defeated the backup ID, you'll see if 04:45.690 --> 04:52.410 I paste in my restore command that I've got a backup ID, this is actually a different backup. 04:52.590 --> 04:57.420 But if I come up here, I can get the backup ID that I just created and go ahead and put it into this 04:57.420 --> 04:57.920 command. 04:58.830 --> 05:04.740 So let me go ahead and clear out that one and paste in that new backup I.D. And I can do the restore 05:04.740 --> 05:08.550 and it restores me back to the GPIO settings that were in there from this backup. 05:09.390 --> 05:13.860 So again, I'm using the backup ID as the thing that I'm keying on for the restore. 05:14.760 --> 05:19.620 And this is, you know, just a sampling of the things that you can do, a pretty broad sampling of 05:19.620 --> 05:22.290 the things you can do in the PowerShell group policy module. 05:23.160 --> 05:28.710 Next, I want to look at the capabilities of some VBScript sample scripts that are available from Microsoft.