If you have ever worked with PowerShell, you probably already know that basically anything about the Windows operating system can be manipulated from this fancy blue command-line interface. The same is true for client operating systems as well as servers. Most roles that we implement in Windows Server can be manipulated via GUI or via PowerShell. You are able to tap into the same settings and functionality either way. Active Directory and Group Policy are no different; there are all kinds of PowerShell commands and cmdlets available for interacting with your domain's directory technologies.
In this chapter, we will cover many examples of those cmdlets. The settings, GPOs, links, and permissions that we configure will be things that we have done in this book already, formerly by utilizing GPMC. Now we turn to PowerShell to showcase the capability to perform all of these same tasks from that interface. This allows you to easily save and script common tasks, or to replicate the same task numerous times. Perhaps you have a need to tweak some permission setting on all of the GPOs in your environment, granting or denying a specific user or group to that GPO. If you have hundreds of GPOs, that feels like a daunting task. With some creative PowerShell, this can be scripted and accomplished in an automated fashion while you sip your latte and pretend to be working.
While you could launch PowerShell and utilize it right on a Domain Controller server, there is a lot of inherent risk with taking that approach. Any command-line interface run directly from a server opens up doors into areas of the operating system that you may not want opened. Instead, we are going to use my Windows 10 management workstation where the RSAT tools are installed. I mention this because, once again, using a newer operating system gives us the most functionality. PowerShell has existed inside Windows for many years, but it has been enhanced over those years, and so capabilities of PowerShell in Windows 7 are not on par with capabilities of PowerShell in Windows 10. We will assume that you are going to take the recommended approach and utilize an updated workstation for Group Policy management via PowerShell.
The following topics will be covered in this chapter:
- Importing PowerShell Group Policy modules
- PowerShell for GPOs and Links
- GPO Information and Reporting
- GPO Permissions via PowerShell
- PowerShell to back up and restore GPOs
- Remotely running GPUpdate
- Using PowerShell Help
- Summary