9.2. Creating a GPO
Problem
You want to create a GPO to force users to have a particular desktop configuration or provision configuration settings on workstations or servers.
Solution
Using a graphical user interface
Open the GPMC snap-in.
In the left pane, expand the Forest container, expand the Domains container, and browse to the domain of the target GPO.
Right-click on the Group Policy Objects container and select New.
Enter the name of the GPO and click OK.
Using a command-line interface
> creategpo.wsf <GPOName
> [/domain:<DomainDNSName
>]
Using VBScript
' This code creates an empty GPO. ' ------ SCRIPT CONFIGURATION ------ strGPO = "<GPOName
>" ' e.g. Sales GPO strDomain = "<DomainDNSName
>" ' e.g. rallencorp.com ' ------ END CONFIGURATION --------- set objGPM = CreateObject("GPMgmt.GPM") set objGPMConstants = objGPM.GetConstants( ) ' Initialize the Domain object set objGPMDomain = objGPM.GetDomain(strDomain, "", objGPMConstants.UseAnyDC) ' Create the GPO and print the results set objGPO = objGPMDomain.CreateGPO( ) WScript.Echo "Successfully created GPO" objGPO.DisplayName = strGPO WScript.Echo "Set GPO name to " & strGPO
Discussion
When you create a GPO through the GPMC, it is initially empty with no settings or links configured. See Recipe 9.6 for more on modifying GPO settings, and Recipe 9.12 for creating a link.
Using VBScript
To create a GPO, I first instantiate a GPMDomain
object for the domain to add the GPO to. This is accomplished with
the GPM.GetDomain
method. Then it is just ...
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.