#requires -Module GroupPolicy
#region help text
<#
.SYNOPSIS
Creates an unlinked Group Policy Object from an imported CSV file.
If the Group Policy Object exists, linked or unlinked, it is updated with the
settings from the imported CSV file.
.DESCRIPTION
Creates an unlinked Group Policy Object from an imported CSV file.
The CSV file is created using Darren Mar-Elia's Registry .Pol Viewer Utility
https://sdmsoftware.com/gpoguy/gpo-freeware-registration-form/
The Registry.pol files only contain settings from the Administrative Templates
node in the Group Policy Management Console.
This script is designed for consultants and trainers who may create Group Policies
in a lab and need a way to recreate those policies at a customer or training site.
The GroupPolicy module is required for the script to run.
On a server, Group Policy Management must be installed.
On a workstation, RSAT is required.
Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1)
http://www.microsoft.com/en-us/download/details.aspx?id=7887
Remote Server Administration Tools for Windows 8
http://www.microsoft.com/en-us/download/details.aspx?id=28972
Remote Server Administration Tools for Windows 8.1
http://www.microsoft.com/en-us/download/details.aspx?id=39296
Remote Server Administration Tools for Windows 10
http://www.microsoft.com/en-us/download/details.aspx?id=45520
.PARAMETER PolicyName
Group Policy Name.
This is a required parameter.
This parameter has an alias of PN.
.PARAMETER PolicyType
The type of Group Policy settings to import.
M - Machine (Computer)
C - Machine (Computer)
U - User
This is a required parameter.
This parameter has an alias of PT.
Default is Machine.
If a Group Policy is to contain both Computer and User settings, there will be
two .Pol files. One for Machine (Computer) settings and a separate .Pol file
for User settings. Each .Pol file is named Registry.pol. The CSV files will need
to have different names. There will then be two CSV files to import.
The script will detect if the Group Policy Name exists and if it does, the next
set of settings will be added to the existing Group Policy.
If the Group Policy Name does not exist, a new Group Policy is created with the
imported settings.
.PARAMETER CSVFile
CSV file created by Registry PolViewer utility.
This is a required parameter.
The parameter has an alias of CSV.
The CSV file will contain either Machine or User policy settings. It should
not contain both.
.EXAMPLE
PS C:\PSScript > .\CreateGPO.ps1 -PolicyName "Sample Policy Name" -PolicyType M -CSVFIle C:\PSScript\GPOMSettings.csv
Darren's PolViewer.exe utility is used first to create the
C:\PSScript\GPOMSettings.csv file.
If a Group Policy named "Sample Policy Name" does not exist, a policy will be
created using the Machine settings imported from the GPOMSettings.csv file.
If a Group Policy named "Sample Policy Name" exists, the policy will be
updated using the Machine settings imported from the GPOMSettings.csv file.
.EXAMPLE
PS C:\PSScript > .\CreateGPO.ps1 -PolicyName "Sample Policy Name" -PolicyType U -CSVFIle C:\PSScript\GPOUSettings.csv
Darren's PolViewer.exe utility is used first to create the
C:\PSScript\GPOUSettings.csv file.
If a Group Policy named "Sample Policy Name" does not exist, a policy will be
created using the User settings imported from the GPOUSettings.csv file.
If a Group Policy named "Sample Policy Name" exists, the policy will be
updated using the User settings imported from the GPOUSettings.csv file.
.INPUTS
None. You cannot pipe objects to this script.
.OUTPUTS
No objects are output from this script.
This script creates or updates a Group Policy Object.
.NOTES
NAME: CreateGPO.ps1
VERSION: 1.00
AUTHOR: Carl Webster
LASTEDIT: March 18, 2016
#>
#endregion
#region script parameters
# Script parameters. Two parameter sets ("Machine" and "User") are declared, and each one
# lists the same three mandatory parameters; "Machine" is the default set.
[CmdletBinding(SupportsShouldProcess = $False, ConfirmImpact = "None", DefaultParameterSetName = "Machine") ]
Param(
# Name of the Group Policy Object to create or update (alias PN). Must not be null or empty.
[parameter(ParameterSetName="Machine",Mandatory=$True)]
[parameter(ParameterSetName="User",Mandatory=$True)]
[Alias("PN")]
[ValidateNotNullOrEmpty()]
[String]$PolicyName,
# Which side of the policy the CSV rows belong to (alias PT). ValidateSet accepts only
# M, C or U; M and C are both treated as Machine when the registry hive is chosen.
# NOTE(review): the parameter is Mandatory in both sets, so the "M" default below is
# presumably never applied - confirm whether the default or the Mandatory flag is intended.
[parameter(ParameterSetName="Machine",Mandatory=$True,
HelpMessage="Enter M or C for Machine or U for User")]
[parameter(ParameterSetName="User",Mandatory=$True,
HelpMessage="Enter M or C for Machine or U for User")]
[Alias("PT")]
[String][ValidateSet("M", "C", "U")]$PolicyType="M",
# Path to the CSV export that supplies the registry settings (alias CSV). Only checked
# for null/empty here; the rows of this file decide what is written into the GPO, so it
# should be treated as trusted input.
[parameter(ParameterSetName="Machine",Mandatory=$True,
HelpMessage="Enter path to CSV file.")]
[parameter(ParameterSetName="User",Mandatory=$True,
HelpMessage="Enter path to CSV file.")]
[Alias("CSV")]
[ValidateNotNullOrEmpty()]
[String]$CSVFile
)
#endregion
#region script change log
#webster@carlwebster.com
#@carlwebster on Twitter
#http://www.CarlWebster.com
#Created on November 7, 2015
#released to the community on 18-Mar-2016
#endregion
#region initial variable testing and setup
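Set-StrictMode -Version 2

# Stop early unless -CSVFile names an existing file.
# -PathType Leaf also rejects a directory: a bare Test-Path accepts one, and the
# script would then create the GPO before discovering that the CSV cannot be imported.
If(!(Test-Path $CSVFile -PathType Leaf))
{
	Write-Error "$(Get-Date): CSV file $($CSVFile) does not exist.`n`nScript cannot continue"
	Exit
}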
#endregion
#region functions
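Function SetPolicySetting
{
	<#
	.SYNOPSIS
	Writes one registry-based policy setting into the GPO named by $PolicyName.
	.DESCRIPTION
	Maps the REG_* type name from the CSV row to the type name expected by
	Set-GPRegistryValue, converts hexadecimal DWORD/QWORD data to a number,
	prefixes the key with HKLM or HKCU according to $PolicyType and calls
	Set-GPRegistryValue. Reads $PolicyName and $PolicyType from the script scope.
	Problems are reported with Write-Warning; nothing is returned.
	.PARAMETER Key
	Registry key path without the hive prefix.
	.PARAMETER ValueName
	Name of the registry value.
	.PARAMETER ValueType
	REG_DWORD, REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_MULTI_SZ, REG_QDWORD or REG_QWORD.
	.PARAMETER Data
	Value data as read from the CSV. DWORD/QWORD data is parsed as hexadecimal digits.
	#>
	Param([string]$Key, [string]$ValueName, [string]$ValueType, $Data)

	If([String]::IsNullOrEmpty($Key) -or [String]::IsNullOrEmpty($ValueName) -or [String]::IsNullOrEmpty($ValueType))
	{
		#failure: an incomplete row is skipped, not written
		Write-Warning "$(Get-Date): Missing data: `nKey: $($Key) `nValueName: $($ValueName) `nValueType: $($ValueType) `nData: $($Data)`n`n"
		Return
	}

	#Set-GPRegistryValue accepts one of the following data types:
	#String, ExpandString, Binary, DWord, MultiString, or Qword.
	$NewType = ""
	$NewData = ""

	Try
	{
		Switch ($ValueType)
		{
			#The CSV is external input. The hexadecimal text is parsed with [Convert]
			#and never handed to Invoke-Expression, which would run any PowerShell
			#code placed in the Data column with the rights of the operator.
			"REG_DWORD"     {$NewType = "DWord"; $NewData = [Convert]::ToInt32([string]$Data, 16)}
			"REG_SZ"        {$NewType = "String"; $NewData = $Data}
			"REG_EXPAND_SZ" {$NewType = "ExpandString"; $NewData = $Data}
			#NOTE(review): Binary and MultiString data is passed through exactly as
			#read from the CSV - confirm the cmdlet accepts that form.
			"REG_BINARY"    {$NewType = "Binary"; $NewData = $Data}
			"REG_MULTI_SZ"  {$NewType = "MultiString"; $NewData = $Data}
			#REG_QDWORD is the spelling this script has always matched;
			#REG_QWORD is the standard Windows name and is accepted as well.
			"REG_QDWORD"    {$NewType = "QWord"; $NewData = [Convert]::ToInt64([string]$Data, 16)}
			"REG_QWORD"     {$NewType = "QWord"; $NewData = [Convert]::ToInt64([string]$Data, 16)}
			Default
			{
				#failure: unknown type names are reported instead of reaching the cmdlet with an empty -Type
				Write-Warning "$(Get-Date): Unsupported value type: `nKey: $($Key) `nValueName: $($ValueName) `nValueType: $($ValueType) `nData: $($Data)`n`n"
				Return
			}
		}
	}
	Catch
	{
		#failure: Data was empty, not hexadecimal, or too large for the type
		Write-Warning "$(Get-Date): Data is not a valid hexadecimal number: `nKey: $($Key) `nValueName: $($ValueName) `nValueType: $($ValueType) `nData: $($Data)`n`n"
		Return
	}

	#M and C both mean Machine; the script's ValidateSet allows only M, C and U.
	If($PolicyType -eq "M" -or $PolicyType -eq "C")
	{
		$NewKey = "HKLM\$($Key)"
	}
	ElseIf($PolicyType -eq "U")
	{
		$NewKey = "HKCU\$($Key)"
	}

	#-EA 0 silences the cmdlet's own error output; the outcome is read from $? and the returned object.
	$results = Set-GPRegistryValue -Name $PolicyName -key $NewKey -ValueName $ValueName -Type $NewType -value $NewData -EA 0

	If($? -and $Null -ne $results)
	{
		#success
		Write-Host "$(Get-Date): Successfully added: $($NewKey) $($ValueName) $($NewType) $($NewData)"
	}
	Else
	{
		#failure
		Write-Warning "$(Get-Date): Problem adding: $($NewKey) $($ValueName) $($NewType) $($NewData)"
	}
}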
#endregion
# Main flow: make sure a GPO named $PolicyName exists (creating it when it does not),
# then write every row of the CSV file into it through SetPolicySetting.
# An existing GPO is updated in place. Nothing here checks whether that GPO is linked,
# so settings written to a linked GPO reach whatever it already applies to.
Write-Host "Processing $($PolicyName) Group Policy Object"
# -EA 0 (SilentlyContinue) hides the "not found" error; the lookup result is read
# from $? together with the returned object.
$results = Get-GPO -Name $PolicyName -EA 0
If($? -and $results -ne $Null)
{
#gpo already exists
Write-Host
Write-Host "$(Get-Date): $($PolicyName) exists and will be updated"
Write-Host
}
# NOTE(review): $? is read a second time here, after the If condition above has been
# evaluated - confirm it still reflects the Get-GPO call at that point.
ElseIf(!($?) -and $results -eq $Null)
{
#gpo does not exist. Create it
$results = New-GPO -Name $PolicyName -EA 0
If($? -and $results -ne $null)
{
#success
Write-Host
Write-Host "$(Get-Date): $($PolicyName) does not exist and will be created"
Write-Host
}
Else
{
#something went wrong
Write-Error "$(Get-Date): Unable to create a GPO named $($PolicyName).`n`nScript cannot continue"
Exit
}
}
Else
{
#error: neither "found" nor "cleanly not found"
Write-Error "$(Get-Date): Error verifying if GPO $($PolicyName) exists or not.`n`nScript cannot continue"
Exit
}
Write-Host "$(Get-Date): Read in CSV file"
Write-Host
# The CSV decides which registry-based policy values end up in the GPO, so it should
# come from a trusted source and be reviewed before it is imported.
$Settings = Import-CSV $CSVFile
If($? -and $Settings -ne $Null)
{
#success
Write-Host "$(Get-Date): Setting policy settings"
Write-Host
# One SetPolicySetting call per row, using the columns 'Registry Key', 'Registry Value',
# 'Value Type' and Data. A row that fails only produces a warning; the loop continues.
ForEach($Setting in $Settings)
{
SetPolicySetting $Setting.'Registry Key' $Setting.'Registry Value' $Setting.'Value Type' $Setting.Data
}
}
# NOTE(review): same second read of $? as above - confirm this branch is reachable as intended.
# A GPO that did not exist before has already been created by this point, so both exits
# below leave an empty GPO behind.
ElseIf($? -and $Settings -eq $Null)
{
#success but no contents
Write-Warning "$(Get-Date): CSV file $($CSVFile) exists but has no contents.`n`nScript cannot continue"
Exit
}
Else
{
#failure
Write-Error "$(Get-Date): Error importing CSV file $($CSVFile).`n`nScript cannot continue"
Exit
}
Write-Host
# This message is printed whenever the loop finished, even if individual rows were
# reported with "Problem adding" warnings.
Write-Host "$(Get-Date): Successfully created/updated GPO $($PolicyName)"
Write-Host
# Emits the resulting GPO object so the operator can see it.
Get-GPO -Name $PolicyName