How to Deploy a PowerShell Script Using GPO

In this tutorial, you will learn how to deploy a PowerShell Script using GPO to configure your AD DS Server infrastructure.

Group Policy Objects, also known as GPOs, are rules set on an Active Directory domain that are then run on the various devices that use the service. They can apply to either devices or users and determine what software they can install or use, what resources they can access, etc.

How to Deploy a PowerShell Script Using GPO

Before you begin:

To successfully complete this tutorial and deploy a PowerShell script using GPO, you will need to:

• Have registered on the Jotelulu platform and have logged in.
• Have a Windows Server with AD DS Server installed.
• Have an account with administrator privileges.

Part 1 – Preparing the Code

The first thing to do is prepare the PowerShall code that you wish to run. For the purposes of this tutorial, we are going to create a script that maps a network resources for users, but in reality, this method can apply to many other procedures such as printer mapping, deploying software, creating backups, etc.

To map a network drive using PowerShell, use the “New-PSDrive” command. You can find the syntax for this command here at Microsoft Learn.

For this tutorial, we will use the simple syntax shown below:

New-PSDrive –Name “P” –PSProvider FileSystem –Root “\\SW2022NACHO01\Shared” –Persist

Where:

• Name is the name of the drive (a letter) that is used to identify the drive on the system.
• Root is the root folder of the mapped resource.
• Persist indicates that the resource will remain mapped after reboot.

Once you have established the PowerShall command, commands or script that you wish to use, you need to create an executable file. You can do this the same way as you would create any of the classic batch files like “.bat”, “.cmd”, “.vbs”. For PowerShell scripts, the file extension is “.ps1”.

Part 2 – Prepare the Policy for Execution

Next, you need to launch the Group Policy Management Console by running GPMC.msc with administrator privileges. You can also launch the GPMC from the Tools menu of Server Manager.

Next, right-click on the domain name and select the option “Create a GPO in this domain, and Link it here”.

You will then see a window asking for a name for the new GPO.

The, in the Group Policy Manager window, browse for the GPO that you just created, right-click on it and click on “Edit”.

• Startup/Shutdown: To run the PowerShell script whenever the device starts up or shuts down, go to “Computer Settings > Policies > Windows Settings > Scripts (Startup/Shutdown)”.
• Logon/Logoff: To run the PowerShell script whenever a user logs on or off, go to “User Settings > Policies > Windows Settings > Scripts (Logon/Logoff)”.

For this tutorial, we want to run the script whenever the user logs on. So, we will choose the second option. Then, right-click on “Logon” and select “Properties”. Then, click on the “PowerShell scripts” tab.

Conclusion

As you can see in this tutorial, it is fairly simple to create Group Policies that run PowerShell scripts or other commands to trigger actions on domain objects (such as users, groups or devices).

If you would like to find out more about this topic, we recommend checking out the following links, where you will find additional information and some practical examples of what you can achieve with GPOs.

• What are GPOs and What Are They Used for
• PowerShell Commands for Managing GPO Scripts
• How to Configure a GPO for Mapping Shared Drives
• How to Configure a GPO for Printer Mapping
• How to Configure Personal Drives Using a GPO Script
• How to Configure Your Firewall Using a GPO Script
• How to Hide a Disk Drive on Your Server Using the Local Policy Editor

Thanks for reading!