If you have ever had to go through a number of configurations to get a new set of Group Policy Objects (GPOs) working correctly, one of the biggest inconveniences is frequently going in and out of the Group Policy Editor to manipulate the policies in question. There’s an easy way to make this process a shortcut.
The first thing to understand is the globally unique identifier (GUID) that is associated with every Active Directory object. A GUID is assigned to every GPO, and determining this string is the first step. The GUID is visible in the Details tab of the GPO in question (Figure A).
Figure A
You can copy this field by right-clicking it; you can then put the field into a command string to edit the GPO. The command string launches the Group Policy Editor directly to that object in the directory. The text below is an example command string to edit the GPO shown in Figure A in my private lab:
gpedit.msc /gpobject:”LDAP://CN={0523F1BD-B9F1-469A-87B8-D28E2345BADD},CN=Policies,CN=System,DC=rwvdev,DC=intra”
It’s a little tricky to determine where to put the GUID, so I’ve taken this text example and highlighted where it goes and the domain configuration. Figure B shows where these two pieces of information go in the command string:
Figure B
The green section is where the GUID is inserted, and the yellow section is where the domain information goes (in my case, the RWVDEV.INTRA domain is enumerated).
Then you can save the string as a shortcut or run it interactively to go directly into the editor for the GPO in question. The changes are made live and saved when closed as long as the permissions are in place. This can make frequent changes much easier for testing new configurations.
No comments:
Post a Comment