The following table shows the administrative tasks you can perform with sample scripts included with Group Policy Management.
|
Administrative task
|
Script name
|
Description
|
|
Back up all GPOs in a domain
|
BackupAllGPOs.wsf
|
Backs up all GPOs in a domain to the specified folder.
|
|
Back up a GPO
|
BackupGPO.wsf
|
Given a GPO name or a globally unique identifier (GUID), backs up the GPO to the specified folder.
|
|
Copy a GPO
|
CopyGPO.wsf
|
Creates a new GPO and copies the settings from the source GPO into the new destination GPO, given a source GPO name or GUID and a new destination GPO name.
|
|
Create a policy environment using an XML representation
|
CreateEnvironmentFromXML.wsf
|
Reads an XML file that specifies a policy environment; for example, organizational units, GPOs, links, and security groups. The script can either create the environment in a domain by creating the objects, or delete the environment by deleting objects specified in the XML file.
|
|
Create a GPO with default options
|
CreateGPO.wsf
|
Creates a GPO with the specified name, in the current domain, using the default options.
|
|
Create a migration table
|
CreateMigrationTable.wsf
|
Creates migration tables that can be edited and used to map paths and security principals to new values when importing and copying GPOs across domains.
|
|
Create an XML representation of a policy environment
|
CreateXMLFromEnvironment.wsf
|
Reads an existing policy environment and creates an XML file representing that environment. The XML file captures information about organizational units, GPOs, and GPO links, and security on GPOs. You can use this script in conjunction with the CreateEnvironmentFromXML.wsf script to create a replica of a domain for staging purposes.
|
|
Delete a GPO
|
DeleteGPO.wsf
|
Deletes the specified GPO when given a GPO name or GUID. By default the script deletes links to that GPO within the same domain.
|
|
Grant Permissions for all GPOs in a Domain
|
GrantPermissionOnAllGPOs.wsf
|
Grants a user or group the specified level of permission for all GPOs in the specified domain.
|
|
Import settings into a GPO
|
ImportGPO.wsf
|
Imports the settings from the specified backup to an existing destination GPO in the specified domain.
|
|
Import multiple GPOs into a domain
|
ImportAllGPOs.wsf
|
Creates a new GPO and imports settings into that GPO for each backed-up GPO stored at a specific file system location.
|
|
Restore a GPO
|
RestoreGPO.wsf
|
Restores a backed-up GPO.
|
|
Restore all GPOs
|
RestoreAllGPOs.wsf
|
Restores all GPOs that are stored at a given file system location
|
|
Grant permissions for GPOs linked to a domain, organizational unit, or site
|
SetGPOPermissionsBySOM.wsf
|
Grants a user or group the specified permission type for all GPOs that are linked to a specified domain, organizational unit, or site. You can specify Read, Apply, Edit, FullEdit, or None for the permission type.
|
|
Set GPO permissions
|
SetGPOPermissions.wsf
|
Sets the permission level for a security principal on a given GPO. You can specify Read, Apply, Edit, FullEdit, or None for the permission type.
|
|
Set permissions to create GPOs
|
SetGPOCreationPermissions.wsf
|
Grants or removes the ability to create GPOs in a domain for a given security principal.
|
|
Set policy-related permissions on a given site, domain, or organizational unit
|
SetSOMPermissions.wsf
|
Sets policy-related permissions on a given site, domain, or organizational unit.
|
|
List disabled GPOs
|
FindDisabledGPOs.wsf
|
Prints all GPOs in the specified domain that are disabled or partially disabled.
|
|
List GPO information
|
DumpGPOInfo.wsf
|
Prints the information for a specific GPO, including creation time, modification time, owner, status, version number, security groups that filter the GPO, security groups that have full control, edit, read, or custom permissions, and links.
|
|
List scope of management information
|
DumpSOMInfo.wsf
|
Prints information for a specific site, domain, or organizational unit, including GPO links and policy-related permissions.
|
|
List GPO by policy extension
|
FindGPOsByPolicyExtension.wsf
|
Prints all GPOs in the specified domain for which a specific policy extension is configured; for example, find all GPOs that contain the Software Installation or Folder Redirection policy settings.
|
|
List GPOs by security group
|
FindGPOsBySecurityGroup.wsf
|
Prints all GPOs on which a given security principal has the specified permission or effective permission. You can specify Read, Apply, Edit, or Fulledit for the permission type.
|
|
List GPOs with duplicate names
|
FindDuplicateNamedGPOs.wsf
|
Prints all GPOs in the specified domain that have duplicate names.
|
|
List GPOs without Apply permission
|
FindGPOsWithNoSecurityFiltering.wsf
|
Prints all GPOs in the specified domain that do not apply to anyone because Apply permission is not set on the GPO.
|
|
Listing GPOs Orphaned in SYSVOL
|
FindOrphanedGPOsInSYSVOL.wsf
|
Finds and prints all GPOs in SYSVOL with no corresponding component in Active Directory.
|
|
List domains, organizational units, and sites with external GPO links
|
FindSOMsWithExternalGPOLinks.wsf
|
Prints all domains, organizational units, and sites in the specified domain that link to a GPO in a different domain.
|
|
List unlinked GPOs in a domain
|
FindUnlinkedGPOs.wsf
|
Prints all GPOs in the specified domain that have no links. Links outside the domain, including site links, are not checked.
|
|
Get reports for all GPOs
|
GetReportsForAllGPOs.wsf
|
Takes a domain name, and gets reports for all GPOs in that domain.
|
|
Get reports for GPO
|
GetReportsForGPO.wsf
|
Generates XML and HTML reports for a given GPO.
|
|
List all GPOs in a domain
|
ListAllGPOs.wsf
|
Prints all GPOs in the specified domain.
|
|
Print the scope of management policy tree
|
ListSOMPolicyTree.wsf
|
Prints a list of all organizational units in the specified domain with the list of GPOs that are linked to the domain and each organizational unit.
|
|
List GPO backups in a given file system location
|
QueryBackupLocation.wsf
|
Prints information about all backed up GPOs at the file system location specified by the user.
|