Group Policy can be very overwhelming! Very few tools come equipped right out of the box with so much potential (and potential to blow things up). Before you dive too deep into Group Policy, you need to do these three things.
Monthly Archives: March 2013
How To: Safely Demote a Domain Controller
I see a couple of common questions every day on Experts-Exchange and TechNet Forums. The common theme in each question is that the answer isn’t easily found in one place. As in this post, Microsoft documents the process of demoting a DC in seven different Knowledge Base articles. The next few posts will cover these common questions and the resources to solve them.
How can I safely demote a domain controller? Continue reading
Policy or Preference?
With every additional option added, complexity is increased. As an example, look no further than Group Policy. Back in 2005, life was simple. Group Policy Preferences didn’t yet exist. The next year, Microsoft bought Desktop Standard. Suddenly, we had two ways of doing things. Though a good thing, choosing between two ways can be difficult at times. Let’s look at the differences.
GPResult Command or RSOP?
From Windows 2000 through Vista, the go to tool for troubleshooting Group Policy on the client was RSOP.msc. The GPResult command was always, at least for me, a second choice in troubleshooting. Yes, GPResult had unique features and was certainly useful at times. But the similar interfaces between RSOP.MSC and the Group Policy Management Editor made troubleshooting so much easier.
The times had to change. With the complete rebuild of the GPResult command, administrators need to learn a whole new set of commands and actions.
Optimizing GPO Links with PowerShell
Windows Performance Analyzer (WPA) has opened my eyes to a lot of things in the past week! For one, 30 seconds of our 40 second login was being eaten by GPClient. I noticed that we had a lot of GPOs linked to high level OUs even though only a few machines actually needed the policy.
The picture above shows an example. So how can I automatically find out what computers need which policy and then relink the GPO closer? Let’s script it!