9.2. Creating a GPO

Problem

You want to create a GPO to force users to have a particular desktop configuration or provision configuration settings on workstations or servers.

Solution

Using a graphical user interface

  1. Open the GPMC snap-in.

  2. In the left pane, expand the Forest container, expand the Domains container, and browse to the domain of the target GPO.

  3. Right-click on the Group Policy Objects container and select New.

  4. Enter the name of the GPO and click OK.

Using a command-line interface

> creategpo.wsf <GPOName> [/domain:<DomainDNSName>]

Using VBScript

' This code creates an empty GPO.
' ------ SCRIPT CONFIGURATION ------
strGPO      = "<GPOName>"        ' e.g. Sales GPO
strDomain   = "<DomainDNSName>"  ' e.g. rallencorp.com
' ------ END CONFIGURATION ---------

set objGPM = CreateObject("GPMgmt.GPM")
set objGPMConstants = objGPM.GetConstants( )
  
' Initialize the Domain object
set objGPMDomain = objGPM.GetDomain(strDomain, "", objGPMConstants.UseAnyDC)

' Create the GPO and print the results
set objGPO = objGPMDomain.CreateGPO( )
WScript.Echo "Successfully created GPO"
objGPO.DisplayName = strGPO
WScript.Echo "Set GPO name to " & strGPO

Discussion

When you create a GPO through the GPMC, it is initially empty with no settings or links configured. See Recipe 9.6 for more on modifying GPO settings, and Recipe 9.12 for creating a link.

Using VBScript

To create a GPO, I first instantiate a GPMDomain object for the domain to add the GPO to. This is accomplished with the GPM.GetDomain method. Then it is just ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial