Group Policy Cmdlets in Windows PowerShell
The Windows PowerShell command-line and scripting language can be used to automate many Group Policy tasks, including configuring registry-based policy settings and various Group Policy Management Console (GPMC) tasks. To help you perform these tasks, the Group Policy module for Windows PowerShell provides the cmdlets covered in this section.
You can use these Group Policy cmdlets to perform the following tasks for domain-based Group Policy objects (GPOs):
- Maintain GPOs: GPO creation, removal, backup, reporting, and import.
- Associate GPOs with Active Directory Directory Services (AD DS) containers: Group Policy link creation, update, and removal.
- Set inheritance and permissions on AD DS organizational units (OUs) and domains.
- Configure registry-based policy settings and Group Policy Preferences Registry settings.
Group Policy Cmdlet Prerequisites
To use the Windows PowerShell cmdlets for Group Policy, you must be running one of the following:
Windows Server 2008 R2 on a domain controller
–or–
Windows Server 2008 R2 on a member server that has the GPMC installed
–or–
Windows® 7 with Remote Server Administration Tools (RSAT) installed. (RSAT includes the GPMC and the Group Policy cmdlets)
Getting Started with the Group Policy Cmdlets
You must use the import-module grouppolicy command to import the Group Policy module before you use the Group Policy cmdlets. You can also modify your Windows PowerShell profile to import the Group Policy module every time you start a session. For more information, see about_Modules.
You can use the get-command –module grouppolicy to get a list of all Group Policy commands.
You can get help for all Group Policy commands at once by using the get-command –module grouppolicy | get-help command.
 Note |
|---|
| For more information about the Group Policy cmdlets, you can use the get-help<cmdlet-name> and get-help<cmdlet_name>-detailed commands to display basic and detailed help, respectively.
Because the information displayed by the get-help cmdlet can span many screens, the help alias is provided to display the first page of information. You can then press the spacebar to view subsequent pages of information. This has the same effect as using the more command—for example, get-help <your parameters> | more. |
Group Policy Cmdlets
| Name | Description |
|---|---|
| Backup-GPO | Backs up one GPO or all the GPOs in a domain. |
| Copy-GPO | Copies a GPO. |
| Get-GPInheritance | Retrieves Group Policy inheritance information for a specified domain or OU. |
| Get-GPO | Gets one GPO or all the GPOs in a domain. |
| Get-GPOReport | Generates a report in either XML or HTML format for a specified GPO or for all GPOs in a domain. |
| Get-GPPermissions | Gets the permission level for one or more security principals on a specified GPO. |
| Get-GPPrefRegistryValue | Retrieves one or more registry preference items under either Computer Configuration or User Configuration in a GPO. |
| Get-GPRegistryValue | Retrieves one or more registry-based policy settings under either Computer Configuration or User Configuration in a GPO. |
| Get-GPResultantSetOfPolicy | Outputs the Resultant Set of Policy (RSoP) information to a file, for a user, a computer, or both. |
| Get-GPStarterGPO | Gets one Starter GPO or all Starter GPOs in a domain. |
| Import-GPO | Imports the Group Policy settings from a backed-up GPO into a specified GPO. |
| New-GPLink | Links a GPO to a site, domain, or OU. |
| New-GPO | Creates a new GPO. |
| New-GPStarterGPO | Creates a new Starter GPO. |
| Remove-GPLink | Removes a GPO link from a site, domain, or OU. |
| Remove-GPO | Deletes a GPO. |
| Remove-GPPrefRegistryValue | Removes one or more registry preference items from either Computer Configuration or User Configuration in a GPO. |
| Remove-GPRegistryValue | Removes one or more registry-based policy settings from either Computer Configuration or User Configuration in a GPO. |
| Rename-GPO | Assigns a new display name to a GPO. |
| Restore-GPO | Restores one GPO or all GPOs in a domain from one or more GPO backup files. |
| Set-GPInheritance | Blocks or unblocks inheritance for a specified domain or OU. |
| Set-GPLink | Sets the properties of the specified GPO link. |
| Set-GPPermissions | Grants a level of permissions to a security principal for one GPO or for all the GPOs in a domain. |
| Set-GPPrefRegistryValue | Configures a registry preference item under either Computer Configuration or User Configuration in a GPO. |
| Set-GPRegistryValue | Configures one or more registry-based policy settings under either Computer Configuration or User Configuration in a GPO. |