import-module grouppolicy
Now you can use the following cmdlets to ease the Group Policy permission administration.
- Get-GPPermissions (used to query permissions on GPOs)
- Set-GPPermissions (used to apply permissions on GPOs)
In Windows Server 2012 the cmdlets will be without the s like "Get-GPPermission", but the old cmdlets also work, because Microsoft created an alias.
Find some examples to set permissions on GPOs.
This cmd sets the permission level for the "Test Users" security group to GpoRead for the GPO named "TestGPO1".
Set-GPPermissions -Name TestGPO1 -TargetName "Test Users" -TargetType Group -PermissionLevel GpoRead
The following cmd sets the permission level for the "Sample GPO Read Access" security group to GpoRead on all GPOs in the domain.
Set-GPPermissions -All -TargetName "Sample GPO Read Access" -TargetType Group -PermissionLevel GpoRead
The following cmd sets the permission level for the "Sample GPO Edit Access" security group to GpoEdit on all GPOs in the domain.
Set-GPPermissions -All -TargetName "Sample GPO Edit Access" -TargetType Group -PermissionLevel GpoEdit
To verify that the commands works can use the "Get-GPPermissions" cmdlet to check it. See attached a sample to check if the first Set-GPPermissions command worked:
Get-GPPermissions -Name TestGPO1 -TargetName "Test Users" -TargetType Group
The console will show the following output:
-------------------------------------------
Trustee : Test Users
TrusteeType : Group
PermissionLevel : GpoRead
Inherited : False
--------------------------------------------
Hi there, every time i used to check blog posts here in the early hours in the dawn, as i
ReplyDeletelove to gain knowledge of more and more.