I've always been a great fan of Group Policy Objects. They are a fantastic way to retain control of your environment. With Windows Server 2012 the good things keep coming. Today we will look at some of what's new in Group Policy in Windows Server 2012. More specifically, we will discuss the following:
- Remote Group Policy Update
- Group Policy infrastructure status
- Local Group Policy support for Windows RT
If you want to follow along, I suggest you download the evaluation of Windows Server 2012 and use the info in this post to set up your own lab and get acquainted with all the value you can extract from Windows Server 2012 and Group Policies.
- Windows Server 2012
- Windows Server 2008 R2
- Windows Server 2008
- Windows 8
- Windows 7
- Windows Vista
For anything else you're stuck with calling someone, or you RDP into that machine and do it yourself.
One other requirement
To schedule a Group Policy refresh for domain-joined computers you must have firewall rules that enable inbound network traffic on the ports listed in the following table.
Server port | Type of network traffic
TCP port 135, RPCSS (Remote Procedure Call service) | Remote Scheduled Tasks Management (RPC-EPMAP)
TCP all ports, Winmgmt (Windows Management Instrumentation service) | Windows Management Instrumentation (WMI-in)
There is already a Starter GPO that has all the required settings to facilitate your task. Use it to make a new GPO that will open all the appropriate ports in your environment. It is a best practice to create a new GPO from this Starter GPO and link the GPO to your domain, at a higher precedence than the Default Domain GPO, in order to configure all computers in the domain to enable a remote Group Policy refresh.
3- You'll be prompted to confirm that you want to run the update. Click Yes and you're done.
You can also use PowerShell to achieve the same results. For example, if you wanted to force the update on a single computer, you would use the following command:
To force the update on a complete OU, you would combine the Get-ADComputer cmdlet with the Invoke-GPUpdate cmdlet and set -RandomDelayInMinutes to 0. For example, to force a refresh of all Group Policy settings for all computers in the Montreal OU of the PRlab.com domain, type the following:
Get-ADComputer -Filter * -SearchBase "ou=Montreal,dc=prlab,dc=com" | ForEach-Object { Invoke-GPUpdate -Computer $_.Name -Force -RandomDelayInMinutes 0 }
In Windows Server 2012 the Group Policy Management Console (GPMC) has been enhanced to provide a report on the overall health state of the Group Policy infrastructure for a domain or to scope the health view down to a single GPO. New for Windows Server 2012 is a graphical reporting feature in GPMC that allows you to choose a baseline domain controller for comparison and see the current Group Policy replication status along with any synchronization details when a comparison finds a differential from the baseline domain controller.
replication status of all the GPOs. Click the selected domain. For a single GPO, in the GPMC console tree, navigate to the Group Policy Objects container. Expand the Group Policy Objects container and click the GPO for which you want to check the replication status.
2. Click the Status tab in the results pane.
3. Click the Detect Now button to gather infrastructure status from all of the domain controllers in this domain.
This will display the status of Active Directory and SYSVOL replication as it relates to all Group Policy Objects or a single Group Policy Object.
What works differently?
In Windows Server 2012, you no longer need to download and run a separate tool for monitoring and diagnosing replication issues related to Group Policy at the domain level. Potential differences that can be viewed by using the Group Policy infrastructure status are:
- Active Directory and SYSVOL security descriptor (ACL details)
- Active Directory and SYSVOL GPO version details
- Number of GPOs listed in Active Directory and SYSVOL for each domain controller
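The version and count comparison described above can also be scripted, which is useful when you want to confirm that a changed security setting has actually reached every domain controller. This is an added example, not part of the original post; it assumes the ActiveDirectory and GroupPolicy modules are installed, reuses the prlab.com lab domain from the earlier command, and the function name Get-GpoVersionReport is made up for the illustration.

```powershell
# Added example (not from the original post).
# Assumes the ActiveDirectory and GroupPolicy modules (RSAT / GPMC) are installed.
Import-Module ActiveDirectory, GroupPolicy

# Get-GpoVersionReport is a hypothetical helper name chosen for this example.
function Get-GpoVersionReport {
    param([Parameter(Mandatory)][string]$Domain)

    foreach ($dc in (Get-ADDomainController -Filter * -Server $Domain)) {
        try {
            # Ask this specific domain controller for every GPO it knows about.
            $gpos = @(Get-GPO -All -Domain $Domain -Server $dc.HostName -ErrorAction Stop)
        } catch {
            # A DC that cannot be queried is a finding in itself; keep going.
            Write-Warning "$($dc.HostName): query failed: $($_.Exception.Message)"
            continue
        }
        Write-Host "$($dc.HostName): $($gpos.Count) GPOs"   # GPO count per DC

        foreach ($gpo in $gpos) {
            # DSVersion is the Active Directory version, SysvolVersion the SYSVOL one.
            [pscustomobject]@{
                DC             = $dc.HostName
                Gpo            = $gpo.DisplayName
                Id             = $gpo.Id
                ComputerAD     = $gpo.Computer.DSVersion
                ComputerSysvol = $gpo.Computer.SysvolVersion
                UserAD         = $gpo.User.DSVersion
                UserSysvol     = $gpo.User.SysvolVersion
            }
        }
    }
}

$rows = @(Get-GpoVersionReport -Domain 'prlab.com')   # lab domain from this post

# 1) Active Directory and SYSVOL disagree for a GPO on one domain controller.
$rows | Where-Object { $_.ComputerAD -ne $_.ComputerSysvol -or $_.UserAD -ne $_.UserSysvol } |
    Format-Table DC, Gpo, ComputerAD, ComputerSysvol, UserAD, UserSysvol -AutoSize

# 2) The same GPO reports different versions depending on which DC is asked.
$rows | Group-Object Id | Where-Object {
    @($_.Group | ForEach-Object { "$($_.ComputerAD)/$($_.UserAD)" } | Sort-Object -Unique).Count -gt 1
} | ForEach-Object { $_.Group } | Format-Table DC, Gpo, ComputerAD, UserAD -AutoSize
```

Empty output from both checks means every reachable domain controller reports matching versions; the security descriptor (ACL) comparison from the Status tab is not covered by this script.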
2- Double-click Group Policy Client to open the Group Policy Client Properties (Local Computer) dialog box.
- Set the Startup type to Automatic
- Click Apply
- Click the Start button
Once that's done you can edit the Local policy using the Group Policy Object Snap-in in the MMC console.