would be great if you can demonstrate a script to import a gpo using gpo backup
@uffeibsen8872
Жыл бұрын
Great tutorial. Please make more videos !!!
@davidbourgie2843
2 жыл бұрын
Hi David, in your video "Active Directory Policy Analyzer" can you tell us what is the main goal to use "PolicyRulesFileBuilder.exe" in the directory "PolicyAnalyzer_40" ? is this exe file is complete mandatory to use with policy analyzer ? because this file is noticed by suspicious tks in advance.
@SartinMe
2 жыл бұрын
Afternoon! So the PolicyRulesFileBuilder.exe is a helper component. As you are moving through the application and you've imported all your GPOs into the Policy File Importer you'll click the big Import... button. This calls on the PolicyRulesFileBuilder.exe to create your .PolicyRules files. I am not seeing a virus alert for this file using Windows Defender and Google Drive just indicates that because this is an executable to be careful.
@davidbourgie2843
2 жыл бұрын
@@SartinMe "PolicyRulesFileBuilder.exe" from Policy Analyzer 40 is dubious, so my question is this one have you got Policy Analyzer 3.2 ?
@SartinMe
2 жыл бұрын
@@davidbourgie2843 That I do not have. I took a quick look and was unable to find any archive online where you might find an older version. I'm sorry I can't be of more assistance, but I seldom keep old versions of these types of programs in my archives.
@davidbourgie2843
2 жыл бұрын
@@SartinMe never mind tks for your help anyway.
@SunilKumar-vs2ss
2 жыл бұрын
Need help. domain system can recall only last login single user only account. Any solution? Not able to login with previous user accounts.
@SartinMe
2 жыл бұрын
If I'm understanding you correctly this might be an issue with the "Interactive logon: Number of previous..." configuration under Computer Configuration | Security Settings | Local Policies | Security Options. User RSOP or GPRESULT commands to see if this setting is correct.
@SartinMe
2 жыл бұрын
If caching looks good then check your systems ability to contact the domain. If it can't authenticate a non-cached account you could be dealing with a network issue or a system dis-joined from the domain.
@SunilKumar-vs2ss
2 жыл бұрын
@@SartinMe Very simple, If user has office system at his home and he is doing WFH with the help of VPN. If he faces some issue related to IT then we help him and use Admin credentials to fix the issue. In this case we use "run as different account" to open anything. So here, what happens. As system is at user home. He complete his work n shutdown the system. And next day he can not login on the system as it says.... Your isn't available. We have to get system login with admin credentials by user and ask user to connect VPN. N again we ask user to run any app with "run as different user, so that he csn login on the system with his credentials. System remember last login only. He can't remember previous or second account. I hope, u have got my point. 😊
@SunilKumar-vs2ss
2 жыл бұрын
@@SartinMe Plz Provide me a learning link for better troubleshooting.
@SartinMe
2 жыл бұрын
@@SunilKumar-vs2ss I understand now. There are two things to look into. The first one is the VPN. Depending on the product you can utilize what Cisco calls Start Before Logon (SBL). This allows you to connect to the network prior to actually logging onto the system with your user account. Second issue is the account caching. I would recommend changing the "Interactive logon: Number of previous logons..." to 10 or less. Below is a the Security Technical Implementation Guide (STIG) recommendation. Those are the only two things that come to might that should resolve your issue. Cisco SBL (bit.ly/3vo8tn9) Cached Logon STIG (bit.ly/3vEac83)
@malakapethiyagoda6123
3 жыл бұрын
Hi David, It is really helpful and thanks a lot. could you please share the PS script to extract all the group policy details in here for use.
@SartinMe
3 жыл бұрын
Below are all the scripts! Enjoy. # Get a list of all Computer Objects and OS Get-ADComputer -Filter * -Properties * | Format-Table Name, OperatingSystem -wrap -AutoSize # Backup all GPO $date = Get-Date -Format yyyyMMdd New-Item C:\GPO_Backup -ItemType Directory New-Item C:\GPO_Backup\$date -ItemType Directory $GPOS = Get-GPO -All | Select DisplayName foreach ($GPO in $GPOS) { New-Item C:\GPO_Backup\$date\$GPO -ItemType Directory Backup-GPO -Name $GPO.Displayname -Path C:\GPO_Backup\$date\$GPO } # Create Group Policy Objects New-GPO -Name "Master STIG IE11 Computer v1r19" -Domain "SARTIN.LOCAL" New-GPO -Name "Master STIG IE11 User v1r19" -Domain "SARTIN.LOCAL"
Пікірлер