Ever had to import a GPO on a Windows Server Core Domain Controller without any graphical user interface like the Group Policy Management Console?
This easy step-by-step tutorial helps you to master the task of backing up, importing and linking Group Policy Objects (GPOs) using PowerShell on the command line.
List all Group Policy Objects
List all GPOs to get the exact name of the GPO you want to backup:
1 | Get-GPO -All | ft DisplayName |
1 2 3 4 5 | DisplayName
-----------
Default Domain Policy
Default Domain Controllers Policy
Demo GPO v1.0 |
Backing up a GPO
A GPO backup can be done with a single command:
1 | Backup-GPO -Name "Demo GPO v1.0" -Path "C:\_temp\gpo" |
1 2 3 4 5 6 7 | DisplayName : Demo GPO v1.0 GpoId : a88eb35e-e705-4000-ac57-9e4ea533c54c Id : cbd43014-95bf-472f-9f37-2f6512be9d31 BackupDirectory : C:\_temp\gpo CreationTime : 13.09.2018 15:10:27 DomainName : pwsh.ch Comment : |
Remember the backup id for further use.
The backup id is the name of the folder of the backed up GPO as you can see with the Get-ChildItem cmdlet:
1 | Get-ChildItem -Path "C:\_temp\gpo" |
1 2 3 | Mode LastWriteTime Length Name ---- ------------- ------ ---- d---- 13.09.2018 15:10 {CBD43014-95BF-472F-9F37-2F6512BE9D31} |
Importing a GPO
In order to import a backed up GPO, we need to create an empty GPO first to use it as the target GPO during the import:
1 | New-GPO -Name "Demo GPO v1.0 - Imported" |
1 2 3 4 5 6 7 8 9 10 11 | DisplayName : Demo GPO v1.0 - Imported DomainName : pwsh.ch Owner : PWSH\Domain Admins Id : ab8f89b2-b991-43cf-b3d2-3b7239004715 GpoStatus : AllSettingsEnabled Description : CreationTime : 13.09.2018 15:51:49 ModificationTime : 13.09.2018 15:51:49 UserVersion : AD Version: 0, SysVol Version: 0 ComputerVersion : AD Version: 0, SysVol Version: 0 WmiFilter : |
Now we are able to import our backed up GPO. To do so, we need the backup id I’ve mentioned before and the path to where the backup is stored.
1 | Import-GPO -BackupId "cbd43014-95bf-472f-9f37-2f6512be9d31" -TargetName "Demo GPO v1.0 - Imported" -Path "C:\_temp\gpo" |
1 2 3 4 5 6 7 8 9 10 11 | DisplayName : Demo GPO v1.0 - Imported DomainName : pwsh.ch Owner : PWSH\Domain Admins Id : ab8f89b2-b991-43cf-b3d2-3b7239004715 GpoStatus : AllSettingsEnabled Description : CreationTime : 13.09.2018 15:51:49 ModificationTime : 13.09.2018 15:56:50 UserVersion : AD Version: 1, SysVol Version: 1 ComputerVersion : AD Version: 1, SysVol Version: 1 WmiFilter : |
Linking a GPO
To make the newly imported GPO effective we need to link it to an Organizational Unit (OU). We want our GPLink to be enabled, enforced and the processing order set to 1.
1 | New-GPLink -Target "OU=Admin,DC=pwsh,DC=ch" -Name "Demo GPO v1.0 - Imported" -LinkEnabled Yes -Enforced Yes -Order 1 |
1 2 3 4 5 6 | GpoId : ab8f89b2-b991-43cf-b3d2-3b7239004715 DisplayName : Demo GPO v1.0 - Imported Enabled : True Enforced : True Target : OU=Admin,DC=pwsh,DC=ch Order : 1 |
Alle done! Our GPO has been exported, imported and linked to an OU.