Export GPO to csv file

Gav0

Hi,

I need to re-do a GPO at work and apply it to a fresh OU. I've only just started studying for the 290 so please forgive me if this is something i should know. But is there a utility in Server 2003 that i can use to export the current GPO to a CSV file so i can then go through and see which settings are enabled/disabled. The aim is to create a new improved GPO based on the old one,

many thanks!

sprkymrk

From the GPMC open the GPO for editing, then select ACTION>Export List and you can save it as a csv, tab-delimited text, or whatever.

Might take you a while to get everything you want though. It's easier to save the report as an html or xml file than it is a spreadsheet unfortunately.

Gav0

Thanks for the reply Sprkymrk. Ive just had a look at this and i can only get it to export the details of the currently selected settings - rather then the entire GPO. Is this what you meant by it being time consuming?

It's easier to save the report as an html or xml file than it is a spreadsheet unfortunately

could you elaborate on how to do this. it doesnt have to be a csv file, i would just like to be able to easily view all the settings at a glance when making the new GPO?

cheers

sprkymrk

Gav0 wrote:

Thanks for the reply Sprkymrk. Ive just had a look at this and i can only get it to export the details of the currently selected settings - rather then the entire GPO. Is this what you meant by it being time consuming?

Yes.

Gav0 wrote:

sprkymrk wrote:

It's easier to save the report as an html or xml file than it is a spreadsheet unfortunately

could you elaborate on how to do this. it doesnt have to be a csv file, i would just like to be able to easily view all the settings at a glance when making the new GPO?

cheers

Sure, you open the GPMC, right click the GPO and select "Save Report".

Gav0

Perfect!

Im almost embarresed by the simplicity of the solution

This is exactly what im after - thanks again

sprkymrk

Your welcome. I like simple questions. Otherwise I let dynamik or royal answer them.

royal

sprkymrk wrote:

Your welcome. I like simple questions. Otherwise I let dynamik or royal answer them.

Mark, don't be so modest! You're definitely more knowledgeable than I am.

dynamik

royal wrote:

sprkymrk wrote:

Your welcome. I like simple questions. Otherwise I let dynamik or royal answer them.

Mark, don't be so modest! You're definitely more knowledgeable than I am.

Haha. And I fall well below both of you. I'm very knowledgeable over a small body of knowledge (and I'm great at using Google). Whenever the threads drift to Exchange, ISA, scripting, or any other enterprise-level task, I usually just sit back and observe. That was a nice gesture though, Mark

snadam

sprkymrk wrote:

Your welcome. I like simple questions. Otherwise I let dynamik or royal answer them.

And I just silently troll around to see if my answer matches up with yours

sprkymrk

snadam wrote:

sprkymrk wrote:

Your welcome. I like simple questions. Otherwise I let dynamik or royal answer them.

And I just silently troll around to see if my answer matches up with yours

Actually, together we make a great team. We should start our own consulting company. Dynamic can be the all-around Windows guy, Royal can do the DNS and Exchange stuff, and I'll get the coffee ready in the morning and bring donuts to the meetings.

Hey snadam, we need one more guy to do everything else, what do you say? You in?

royal

sprkymrk wrote:

snadam wrote:

sprkymrk wrote:

Your welcome. I like simple questions. Otherwise I let dynamik or royal answer them.

And I just silently troll around to see if my answer matches up with yours

Actually, together we make a great team. We should start our own consulting company. Dynamic can be the all-around Windows guy, Royal can do the DNS and Exchange stuff, and I'll get the coffee ready in the morning and bring donuts to the meetings.

Hey snadam, we need one more guy to do everything else, what do you say? You in?

Deal, but you guys can come down to Chicago. I ain't moving!

Dracula28

Speaking of GPMC, I haven't seen it being mentioned in any practice exam questions so far, will there be questions related to GPMC in the exam?

I want to know this, because in GPMC you can control what users, groups etc within the OU/domain will be affected by the GPO, which indirectly gives you the ability to "link" GPO's to other objects in AD than OUs.

And I think it again can give you access to create password policies for spesific users, even if password policies are supposed to be domainwide?

royal

I think I started to see GPMC once I hit the 70-294 exam.

Dracula28

So there are no questions about GPMC, GPO inheritance and such in the 290 exam?

dynamik

royal wrote:

I think I started to see GPMC once I hit the 70-294 exam.

Same here. You need to know what group policy is, does, and is capable of, but you don't need to actually configure anything this early on.

Dracula28

Ah ok, because I have the official course material for this exam, and that goes into lengthy details to explain GPMC, GPO inheritance and such. It also explains AD object permissions. Both of these things are not mentioned in the training kit at all.

Of course knowning this stuff won't hurt, but at the same time, it can be a bit too much for what is essentially the "entry" exam for the Server 2003.

I've never seen any talk about AD object permissions and GPMC (I actually had never heard of it until you guys mentioned it, and I looked it up in the official course book) in any practice exams either.

Claymoore

Dracula28 wrote:

And I think it again can give you access to create password policies for spesific users, even if password policies are supposed to be domainwide?

Password policies are applied at the domain level only, although they can be in a separate GPO and don't have to be in the Default Domain Policy. Not really 290 material - more 294 and certainly 297. One of the few (good) reasons to have separate domains in a forest is so you can enforce different password requirements.

royal

Claymoore wrote:

Dracula28 wrote:

And I think it again can give you access to create password policies for spesific users, even if password policies are supposed to be domainwide?

Password policies are applied at the domain level only

That's partially correct. Password policies that affect domain accounts can only be applied at the domain root level in the OU structure. You can still apply password policies at lower levels, but these password policies will only apply to local accounts where that specific computer is joined to that domain.

Claymoore

royal wrote:

That's partially correct. Password policies that affect domain accounts can only be applied at the domain root level in the OU structure. You can still apply password policies at lower levels, but these password policies will only apply to local accounts where that specific computer is joined to that domain.

I did not know that. Just proves that if you hang out on this site, you can learn something new every day - thanks, royal!