The Group Policy Management Console (GPMC) unifies Group Policy management across an enterprise. Before the GPMC, administrators had to use several tools to manage Group Policy. These tools included the Active Directory Users and Computers snap-in, the Active Directory Sites and Services snap-in, the Resultant Set of Policy snap-in, the GPMC Delegation Wizard, and the ACL Editor. The GPMC integrates the existing Group Policy functionality exposed in these tools into a single console, along with the following new capabilities:
- A user interface that makes it easier to use and manage Group Policy objects (GPOs).
- Backup, restore, import, and copy Group Policy objects (GPOs).
- Simplified management of Group Policy-related security
- Reporting for GPO settings and Resultant Set of Policy (RSoP) data.
- Programmatic access to the preceding GPO operations. Note that it is not possible to programmatically set individual policy settings within a GPO.
- The following information describes the Group Policy Management Console (GPMC) scripting samples. These samples were originally found in the '%programfiles% Gpmc Scripts' directory after you installed the GPMC, and now can be found on the TechNet Code Gallery. You can execute the scripts at the command prompt.
- I have to set the local group policy settings and the the local security policy for a couple of machines which are not in a Windows domain. Until now, I've done that by manually setting the keys in gpedit. Due to the transition to Windows 10, I would like to automate that and use a batch or PowerShell script to set them.
- The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you.
Windows-based applications can use the Group Policy infrastructure to manage Group Policy in Active Directory. Programmatic access is enabled by the GPMC, which consists of a new Microsoft Management Console (MMC) snap-in and a set of programmable interfaces for managing Group Policy. GPMC and its interfaces can manage domains using Active Directory.
GPMC simplifies the management of Group Policy by making it easier to understand, deploy, manage, and troubleshoot Group Policy implementations. GPMC also enables automation of Group Policy operations via scripting. GPMC can be used to manage Windows Server 2003 as well as Windows 2000-based Group Policy implementations.
The GPMC includes a set of programmable interfaces designed for use by administrators who write scripts and for use by C/C++ programmers. Familiarity with Active Directory is required. The sample scripts provided when you install the GPMC form the basis for a scripting toolkit that Group Policy administrators can use to manage an organization.
The computer on which the GPMC interfaces are used must be running Windows XP with Service Pack 1 (SP1) or later versions of Windows. To run the GPMC interfaces on Windows XP with SP1, you must also install hotfix 326469 and the Microsoft .NET Framework.
How To Access Group Policy
The GPMC is available as a free download from the Microsoft Download Center for users with a licensed copy of a Windows Server operating system.
In this section
Sure, Microsoft does quite a good job showing you have to migrate GPOs across domains and they also have their Migrating GPOs Across Domains with GPMC document which I recommend.
But here’s a short recap how to do it if you have two separate domains which are not trusted using the Backup method.
- In the source domain, right-click the GPO you want to migrate and choose Backup…
- Backup to a directory of your choice and Comment.
- You can continue backing up several GPOs to the same directory.
Group Policy In Windows 7
- Copy the directory to the destination domain. Then you can either import the GPOs one-by-one or all of them with the same name as they had in the source:
- Import one-by-one:
- Create a new GPO.
- Right-click the GPO and choose Import Settings…
- Choose the backup folder you copied.
- Choose which GPO you want to import.
- Download ImportAllGPOs.wsf script found in Group Policy Management Console Sample Scripts which you can download here.
- Open an elevated cmd.exe and cd to “C:Program Files (x86)Microsoft Group PolicyGPMC Sample Scripts” and run:
- cscript.exe ImportAllGPOs.wsf “<Location of extracted GPO Backup folder>”
This is quite basic, but what if you have groups or UNC paths referenced in your GPOs which are different in source and target domain? Instead of editing them manually once they are imported you can use the Migration Table Editor to create a file that will change the values for you.
This is for another post, but in the meantime, read the Migrating GPOs Across Domains with GPMC document.