programming4us
programming4us
DESKTOP

Windows Server 2008 and Windows Vista : Filtering Administrative Templates in the GPME, Reporting on GPOs

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire

1. Filtering Administrative Templates in the GPME

The search tool is designed to find specific GPOs that match specified criteria. As an alternative to using the search tool, you can also filter settings within a GPO to restrict what you see in the Group Policy Management Editor (GPME). As stated, the filter tool is per GPO, whereas the search tool is per forest or domain, so the scope of the two tools is quite different.

Within the GPME, you can filter on Administrative Template settings only. If you right-click the Administrative Templates node in the GPME, you can click Filter Options to open the Filter Options dialog box, as shown in Figure 1.

Figure 1. The Filter Options dialog box allows you to limit the number of Administrative Template settings you view within the GPME for optimized configuration of GPO settings.

Filter Options

The filter tool allows you to search on nearly every possible detail within the Administrative Templates settings, both Computer and User. Each element of the filter tool is described here.

  • Managed These are GPO settings that fall under the Policies categories for both Computer Configuration and User Configuration. These settings are volatile because they are located in a special part of the registry that is dynamic. The setting allows you to focus on GPO settings that are managed or not managed.

  • Configured By default, no GPO settings are configured. They appear as Not Configured in the interface. As soon as a setting is enabled, disabled, or set to anything but Not Configured, they will appear in the Configured category.

  • Commented All GPO settings can have a comment associated with them. These comments are excellent for tracking, documenting, and troubleshooting. Not all GPOs need to have comments, which is why it is good to have a filter that allows you to view only those settings that have a comment associated with them.

  • Enable Keyword Filters The keyword filter allows you to search for settings that are more general. For example, you might want to find all settings that contain the words Internet, security, or desktop. This filter can examine the Policy Setting Title, Explain Text, and Comment and allows you to specify any combination of these settings for searching.

  • Enable Requirements Filters The requirements filter allows you to focus on the technology that the policy setting controls, such as Microsoft Internet Explorer, as well as the version of the technology supported. The possible platforms that can be configured for the requirements filter include: options related to BITS, Internet Explorer, the Windows Server 2008 family, the Microsoft Windows Server 2003 family, the Windows 2000 family, the Windows XP family, the Windows Vista family, Windows Installer, Windows Media Player, and more.

Filter Option Operators

Each section in the Filter Options dialog box has a set of operators that also must be configured. These options allow you to include or exclude GPO settings from your filter. Table 1 lists the operators available for each filter area.

Table 1. Filter Options Operators
Type of Policy SettingOperators
ManagedAny

Yes

No
ConfiguredAny

Yes

No
CommentedAny

Yes

No
Enable Keyword Filters (for keyword text that is entered)Any

All

Exact
WithinPolicy Setting Title

Explain Text

Comment
Enabled Requirements FiltersInclude settings that match any of the selected platforms. Include settings that match all of the selected platforms.

2. Reporting on GPOs

You can use two different methods to run reports on GPOs within the GPMC. The first is a real-time view of the GPO settings that are currently configured in the GPO, which lets you view settings without having to search through the GPO for them. The second view is a slightly different view of the GPO, including not just the settings, but also the links, delegation, filtering, and so on. This view is excellent for documentation of the GPO’s current state.

The first view of the GPO is built directly into the interface. It is referred to as the Settings report and is located in the details pane of the GPMC window. To view the Settings report for any of the GPOs, follow these steps:

1.
In the GPMC, expand the forest node, and then expand the domain node.

2.
Expand the Group Policy Objects node.

3.
Select the GPO for which you want to see a report.

4.
In the details pane, click the Settings tab.

5.
In the Internet Explorer warning dialog box, click Close or Add. (This step might be optional, depending on your Internet Explorer security settings.)

You will see the full list of settings within the GPO, for both Computer Configuration and User Configuration, as shown in Figure 2.

Figure 2. The Settings report summarizes all of the settings in the GPO, for both Computer Configuration and User Configuration.

The second report that you can run for a GPO is not as interactive as the Settings report, but it is more thorough and ideal for documentation of all GPOs.

Best Practices

It is a good idea to save reports for every GPO periodically, for documentation and disaster recovery of all GPOs. Because the saved reports of a GPO include all essential information about the GPO, they provide an excellent tool for troubleshooting in case of an errant setting or even complete disaster of your Group Policy infrastructure. You should print the reports and keep them in a binder in the server room for quick reference. You could also use the HTML reports on a secure intranet site that only the administrators and Help desk staff have access to for remote access to the settings in all GPOs.


To run a report that you can save to HTML or XML format, follow these steps:

1.
In the GPMC, expand the forest node, and then expand the domain node.

2.
Expand the Group Policy Objects node.

3.
Right-click the GPO for which you want to save a report, and then click Save Report. The Save GPO Report dialog box appears.

4.
Click Browse Folders, select the location where the report will be saved, type a name for the report in the File Name box, and then select a file type (HTML or XML) from the Save As Type list.

5.
Click Save.

After the report is saved, browse to the location where you saved it and double-click it to open it in Internet Explorer. HTML reports are extremely useful for routine viewing of the GPO and the settings. Figure 3 shows what a typical report includes.

Figure 3. Reports that are generated from the GPMC contain essential information about the GPO, excellent for disaster recovery or troubleshooting.

Note that the report contains almost every bit of information that you would want to document for the GPO. Table 2 lists the contents of the saved GPO report.

Table 2. Saved Report Information
Report SectionDetails Included
General - DetailsDomain affiliation

Owner of GPO

Created and modified dates of GPO

User and computer versions

GUID of GPO

Status of GPO
General - LinksList of all GPO links to the domain node or organizational units (not including links outside the current domain or to sites)
General - Security FilteringAccess control list of users and groups that will be affected by GPO
General - WMI FilteringList of Windows Management Instrumentation (WMI) filters linked to GPO
General - DelegationSecurity delegation for GPO, including permissions for each user or group
Computer ConfigurationAll GPO settings that fall under the Computer Configuration portion of the GPO, listed by section
User ConfigurationAll GPO settings that fall under the User Configuration portion of the GPO, listed by section

There is little else that you would want to document that the saved report does not provide.

Other  
  •  Windows Server 2008 and Windows Vista : Working with GPOs - Searching GPOs
  •  Windows Server 2008 Server Core : Working with Scripts - Testing Scripts
  •  Windows Server 2008 Server Core : Working with Scripts - Impersonating a User with the RunAs Utility, Changing the Environment
  •  Switching to Microsoft Windows 7 : Migrating Applications and Data to a New Windows 7 Computer (part 2)
  •  Switching to Microsoft Windows 7 : Migrating Applications and Data to a New Windows 7 Computer (part 1)
  •  Switching to Microsoft Windows 7 : Migrating Data on a Single Computer
  •  The Download Directory - November 2012 (Part 3) - Multiplicity 2.0, LastPass Password Manager 2.0.0
  •  The Download Directory - November 2012 (Part 2) - UltraVNC 1.1.0.0 Beta, Firefox 16 Beta 3, BlueScreenView 1.45 Description: BlueScreenView
  •  The Download Directory - November 2012 (Part 1) - USB Disk Security 6.2, WindowBlinds 7.4
  •  Windows Vista : Migrating User State Data - Developing Migration Files, Using USMT in BDD 2007
  •  
    Top 10
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
    - Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
    - Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
    REVIEW
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    programming4us programming4us
    programming4us
     
     
    programming4us