May 20th, 2016

New Policy Cmdlets for Nano Server

PowerShell Team
PowerShell Team

We have just released another set of new cmdlets intended for use on Nano Server for managing local policy. Although Nano Server doesn’t support Group Policy, it does support local policy. Previously, we released Security cmdlets to deal with .INF and .CSV files. Today, we released the GPRegistryPolicy cmdlets which will deal with .POL files containing registry policy settings.

.POL files can be generated from GPO Backups, or they can be generated with Export-GPRegistryPolicy. POL files will have either Local Machine or Local User registry keys, which must be specified to the Import-GPRegistryPolicy and Export-GPRegistryPolicy cmdlets. For Nano Server, all relevant settings will be Local Machine only.

Now that you can import and export .POL, .INF, and .CSV files to Nano Server, you can start applying security baselines to Nano Server.

If you want to use the Security Baselines for Windows Server, you can download baselines in GPO format here: http://blogs.technet.com/b/secguide/archive/2016/01/22/security-baseline-for-windows-10-v1511-quot-threshold-2-quot-final.aspx

After extracting the attached .zip onto the Windows Server you wish to manage, there will be several GPOs in the “GPOs” folder. From the GPO you wish to import, go to: DomainSysvol\GPO\Machine

If there are .POL files in the root of this folder, you can remotely invoke the following to import the registry values in that .POL file into the registry of the server

Import-Module GpRegistryPolicy

#replace this string with the path to the .pol file

$GpoPol = "c:\GPO\domainSysvol\GPO\Machine\registry.pol"

Import-GPRegistryPolicy -Path $GpoPol -LocalMachine

 

If there are advanced audit or security template files in this folder, they will be in: DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv or DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf respectively.

You can remotely invoke the following to import both advanced audit and security template settings to the server:

Import-Module SecurityCmdlets

#replace this string with the path to the .INF file

$SecInf = "c:\GPO\DomainSysvol\GPO\\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf"

$AuditCsv = "c:\GPO\DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv"

Restore-SecurityPolicy -Path $secInf

Restore-AuditPolicy -Path $auditCsv

 

Update 5/31/2016: We updated the blog title and first paragraph to clarify that Group Policy is not supported on Nano Server. These new cmdlets are used for managing local policy.

Category
PowerShell
Topics
News

Author

PowerShell Team
PowerShell Team

PowerShell is a task-based command-line shell and scripting language built on .NET. PowerShell helps system administrators and power-users rapidly automate tasks that manage operating systems (Linux, macOS, and Windows) and processes.

0 comments

Discussion are closed.