1. Managing GPO Link Order of Processing
When an Active Directory container has
multiple GPOs linked to it, a specific order of processing will occur.
In some instances, the set of linked GPOs can have some conflicting
settings, and the order of GPO processing must be modified to produce
the desired result. When reviewing both the Linked Group Policy Objects
Link order on a container or the Group Policy Inheritance Precedence
order, the Group Policies will be applied in a countdown sequence
ending with the number 1 policy being applied last. Group Policy Link
Order is inherited down from any parent or domain container and can
only be adjusted on the actual domain or container the GPO is linked
to. To change the GPO link order of processing, follow these steps:
1. Log on to a designated Windows Server 2012 administrative system.
2. Open the Group Policy Management Console.
3. Expand the Forest and Domains or Sites node to expose the container with multiple GPOs linked.
4. Select the desired container.
5. In the right pane, select the Linked Group Policy Objects tab.
Note
When the order is presented, the policy with
the highest numeric value is applied first and the remainder of the
policies are applied sequentially and numerically. The GPO listed as
number 1 in the link order is processed last.
6.
If the placement or order of a particular GPO needs to be changed,
select the GPO and click one of the following buttons on the left:
• Move Link to Top is a double up arrow.
• Move Link Up is a single up arrow.
• Move Link Down is single down arrow.
• Move Link to Bottom is a double down arrow.
7. When the GPO links are in the correct order, the task is complete.
2. Viewing GPO Settings and Creating Reports
One of the great features of the GPMC is the
ability to view GPO settings from within the window, and to save the
settings to share with others as HTML files. To view the settings of a
particular GPO, follow these steps:
1. Log on to a designated Windows Server 2012 administrative system.
2. Open the Group Policy Management Console.
3. Expand the forest and domain to expose the Group Policy Objects container and expand it.
4. Select the desired GPO in the tree pane and select the Settings tab in the right pane.
5. Browse the settings by expanding the sections using the Hide and Show hyperlinks.
6. To save the settings to an XML or HTML file, right-click the desired GPO in the left pane, and click Save Report.
7. Specify
the location in which to save the GPO report, choose Save the File as
an HTML or an XML File, and click Save to save the file.
3. Backing Up and Restoring Domain GPOs
Backing up GPOs is a task that should be
performed regularly. This section contains step-by-step instructions to
back up and restore domain group policies.
Backing Up All Domain GPOs
To back up all domain GPOs, follow these steps:
1. Open Windows PowerShell on an administrative system with the Group Policy Management Tools installed.
2. Type Import-Module GroupPolicy and press Enter.
3. Type Backup-GPO –Path C:\GPOBackup -All
and press Enter to back up all GPOs the C:\GPOBackup folder on the
local system. The path to the backup folder must exist before running
this command or else the task will fail.
Backing Up a Single Domain GPO
1. Open Windows PowerShell on an administrative system with the Group Policy Management Tools installed.
2. Type Import-Module GroupPolicy and press Enter.
3. Type Backup-GPO –Path C:\GPOBackup –Name MyNewGPO
and press Enter to back up the single GPO named MyNewGPO the
C:\GPOBackup folder on the local system. The path to the backup folder
must exist before running this command or else the task will fail.
Restoring a Domain GPO
Restoring a domain GPO can be performed to
revert a GPO to a previously backed-up state or to recover from a
domain GPO deletion.
To restore a deleted domain GPO, follow these steps:
1. Log on to a designated Windows Server 2012 administrative workstation.
2. Open the Group Policy Management Console.
3. Expand the forest and domain to expose the Group Policy Objects container and select it.
4. Right-click the Group Policy Objects container, and select Manage Backups.
5. Browse to or specify the domain GPO backup location to load the GPO backup set.
6. Select the desired GPO object.
7. If a filtered view is desired, check the Show Only the Latest Version of Each GPO check box.
8. To view the
settings of a particular backed-up GPO, select the desired GPO, and
click the View Settings button. Close the browser window after
reviewing the settings.
9. After the desired GPO is determined, select the GPO and click the Restore button.
10. Click OK in the Restore confirmation dialog box to restore the GPO.
11. Review the GPO restore progress, and click OK when it is finished.
12. After all the necessary GPOs are restored, close the Manage Backups window and re-create the links as required.
Note
Restoring a domain GPO from a backup does not
re-create or restore any links previously associated with that GPO. GPO
links must be re-created and reconfigured manually, but they can be
referenced by viewing the settings within the GPO backup using GPMC.
To change an existing domain GPO to a previously backed-up version, follow these steps:
1. Log on to a designated Windows Server 2012 administrative system.
2. Open the Group Policy Management Console.
3. Expand the domain to expose the Group Policy Objects container and select it.
4. Locate and right-click the desired domain GPO, and select Restore from Backup.
5. In the Restore Group Policy Object Wizard window, click Next on the Welcome page.
6. On the next page, browse to or specify the domain GPO backup location and click Next.
7. To view the
settings of a particular backed-up GPO, select the desired GPO, and
click the View Settings button. Close the browser window after
reviewing the settings.
8. After the desired GPO is determined, select the GPO, and click Next.
9. Review the settings summary on the Completing the Restore GPO Wizard page, and click Finish to start the restore process.
10. Review the GPO restore progress, and click OK when it is finished.