Based on my last Active Directory backup script I’ve developed a similar script to backup all group policies.
What it does:
- Create a daily full snapshot of all group policy objects
- Keep a daily, weekly and monthly snapshot
- Notify me if something failed (requires PowerShell PowerUp)
The goal of this project is a simple Windows 7 Kiosk installation with nothing else as the newest version of internet explorer installed. A user should not be allowed to do something than can malfunction the system or even elevating the user privileges. I want to show you in this post which GroupPolicies I’ve used and what configurations I made to set up this type of installation.
First I want to commit my principles for working with ActiveDirectory and Group Policies:
- If not needed a GroupPolicy shouldn’t contain any registry keys.
- Group Policies instructions are much easier to read.
- Only AMDX templates are allowed, this means no AMD templates or anything else.
- AMDX won’t in contrast to AMD templates becopied to the client, they stay in the SYSVOL Policy Definition folder on the domain controller.
- The Group Policy objects should be reusable.
- Configuring the minimum.