In this tutorial, you will learn how to deploy a PowerShell Script using GPO to configure your AD DS Server infrastructure.
Group Policy Objects, also known as GPOs, are rules set on an Active Directory domain that are then run on the various devices that use the service. They can apply to either devices or users and determine what software they can install or use, what resources they can access, etc.
How to Deploy a PowerShell Script Using GPO
Before you begin:
To successfully complete this tutorial and deploy a PowerShell script using GPO, you will need to:
- Have registered on the Jotelulu platform and have logged in.
- Have a Windows Server with AD DS Server installed.
- Have an account with administrator privileges.
Part 1 – Preparing the Code
The first thing to do is prepare the PowerShall code that you wish to run. For the purposes of this tutorial, we are going to create a script that maps a network resources for users, but in reality, this method can apply to many other procedures such as printer mapping, deploying software, creating backups, etc.
To map a network drive using PowerShell, use the “New-PSDrive” command. You can find the syntax for this command here at Microsoft Learn.
For this tutorial, we will use the simple syntax shown below:
New-PSDrive –Name “P” –PSProvider FileSystem –Root “\\SW2022NACHO01\Shared” –Persist
Where:
- Name is the name of the drive (a letter) that is used to identify the drive on the system.
- Root is the root folder of the mapped resource.
- Persist indicates that the resource will remain mapped after reboot.
Part 1 – Check that the script is correct
Once you have established the PowerShall command, commands or script that you wish to use, you need to create an executable file. You can do this the same way as you would create any of the classic batch files like “.bat”, “.cmd”, “.vbs”. For PowerShell scripts, the file extension is “.ps1”.
Part 2 – Prepare the Policy for Execution
Next, you need to launch the Group Policy Management Console by running GPMC.msc with administrator privileges. You can also launch the GPMC from the Tools menu of Server Manager.
Part 2 – Launch the GPMC from the Tools menu in the Server Manager
Next, right-click on the domain name and select the option “Create a GPO in this domain, and Link it here”.
Part 2 – Select the option to create a GPO in this domain and link it here
You will then see a window asking for a name for the new GPO.
Part 2 – Give the new GPO a name
The, in the Group Policy Manager window, browse for the GPO that you just created, right-click on it and click on “Edit”.
Part 2 – Edit the GPO that you just created
This will open the Group Policy Management Editor, which will show a neutral folder location.
Part 2 – General view of the GPO editor
At this point, you need to decide how you wish to deploy your GPO. You have two options:
- Startup/Shutdown: To run the PowerShell script whenever the device starts up or shuts down, go to “Computer Settings > Policies > Windows Settings > Scripts (Startup/Shutdown)”.
- Logon/Logoff: To run the PowerShell script whenever a user logs on or off, go to “User Settings > Policies > Windows Settings > Scripts (Logon/Logoff)”.
For this tutorial, we want to run the script whenever the user logs on. So, we will choose the second option. Then, right-click on “Logon” and select “Properties”. Then, click on the “PowerShell scripts” tab.
Part 2 – Right-click on “Logon” and select your PowerShell scripts
Lastly, you click on the “Add” button, search for the folder where your script is saved and click on it.
Part 2 – Add the script that you wish to run
Your GPO and script should now be configured. To check this, go to the Group Policy Manager, search for your GPO. Then, check its status and see if it is linked to the script.
Part 2 – Check that the GPO for the script is active
Conclusion
As you can see in this tutorial, it is fairly simple to create Group Policies that run PowerShell scripts or other commands to trigger actions on domain objects (such as users, groups or devices).
If you would like to find out more about this topic, we recommend checking out the following links, where you will find additional information and some practical examples of what you can achieve with GPOs.
- What are GPOs and What Are They Used for
- PowerShell Commands for Managing GPO Scripts
- How to Configure a GPO for Mapping Shared Drives
- How to Configure a GPO for Printer Mapping
- How to Configure Personal Drives Using a GPO Script
- How to Configure Your Firewall Using a GPO Script
- How to Hide a Disk Drive on Your Server Using the Local Policy Editor
Thanks for reading!