summaryrefslogtreecommitdiff
path: root/ansible/scripts/setup-gpo.ps1
diff options
context:
space:
mode:
Diffstat (limited to 'ansible/scripts/setup-gpo.ps1')
-rw-r--r--ansible/scripts/setup-gpo.ps129
1 files changed, 29 insertions, 0 deletions
diff --git a/ansible/scripts/setup-gpo.ps1 b/ansible/scripts/setup-gpo.ps1
new file mode 100644
index 0000000..8d0bb5d
--- /dev/null
+++ b/ansible/scripts/setup-gpo.ps1
@@ -0,0 +1,29 @@
+param (
+ [string]$DomainName = "contoso.com"
+)
+$scriptName = $MyInvocation.MyCommand.Name
+$logFile = "C:\Logs\${scriptName}_log.txt"
+Start-Transcript -Path $logFile -Append
+
+$DomainNameDN = "DC=$($DomainName.Split(".")[0]),DC=$($DomainName.Split(".")[1])"
+$DomainUsers = Get-ADGroup "Domain Users"
+try {
+ $GPO1 = New-GPO -Name "TestGPO1"
+ $GPO2 = New-GPO -Name "TestGPO2"
+ Set-GPPermission -Name $GPO1.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group
+ Set-GPPermission -Name $GPO2.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group
+
+ Write-Host "[INFO] Created insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity"
+} catch {
+ Write-Host "[ERR] Failed to create insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity"
+}
+
+try {
+ New-GPLink -Name $GPO1.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes
+ New-GPLink -Name $GPO2.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes
+
+ Write-Host "[INFO] Created GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN"
+} catch {
+ Write-Host "[ERR] Failed to create GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN"
+}
+Stop-Transcript
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-12 22:47:30 +0000