我必须通过GPO将域用户添加到本地组“远程桌面用户”中。
而且,由于我正在以自动化的方式构建域控制器映像,因此我想创建一个策略来设置域用户,作为每个域的远程桌面用户的一部分,每个域的本地组使用PowerShell加入了Windows Client机器。
我一直在尝试通过PowerShell管理GPO的受限制组,但没有成功。
我找到了以下代码,但它仅返回一个.xml,我可以检查来自GPO的限制组的组。
https://social.technet.microsoft.com/Forums/en-US/a956c361-3852-4ec2-a6e3-15475e67bdaa/listing-gpo-restricted-groups-with-powershell?forum=winserverpowershell
如果有办法出口GPO为.xml或任何其他格式,并将其编辑和导入更改,也可以。
我发现的另一个论坛,这是一个很好的解决方案,但仍然是手动的,是以下一个。我想通过PowerShell自动化这一步骤,但是很难做到这一点。
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/using------poloup-policy-preferences-to-manage-to-manage-the-local-administrator/ba-p/ba-p/ba-p/2592223
请,有人知道某种自动化方法来创建包括本地组的域用户的GPO吗?
谢谢!
I must add a domain user to the local group "Remote Desktop Users" via GPO.
And since I'm building Domain Controller images in an automated way, I want to create a policy to set a domain user as part of the Remote Desktop Users local group of each domain joined Windows client machine using PowerShell.
I've been trying to manage the Restricted Groups from a GPO via PowerShell, but without success.
I found the following code, but it returns only a .xml that I can check the groups located at the Restricted Groups from a GPO.
https://social.technet.microsoft.com/Forums/en-US/a956c361-3852-4ec2-a6e3-15475e67bdaa/listing-gpo-restricted-groups-with-powershell?forum=winserverpowershell
If there's a way to export the GPO as .XML or any other format and edit it and import that changes, it would be also fine.
Another forum that I found and it's a good solution but it's still manually, is the following one. I'd like to automate that steps via PowerShell, but it has been hard to do.
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/using-group-policy-preferences-to-manage-the-local-administrator/ba-p/259223
Please, does anyone know some automated way to create a GPO that includes a domain user to a local group?
Thanks all!
发布评论
评论(2)
https://social.technet.microsoft.com/wiki/wiki/contents/articles/20402.Active-directory-directory-polycoop-policy-policy-restrictrativer-groups.aspxs.aspxs.aspx
创建新GPO:设置 /安全设置 /限制组
,或者如果通过PowerShell脚本完成了不必要的情况,请创建GPO
使用组策略配置PowerShell启动脚本并启动
脚本并启动脚本:
https://social.technet.microsoft.com/wiki/contents/articles/20402.active-directory-group-policy-restricted-groups.aspx
Create new GPO: Computer Configuration / Policies / Windows Settings / Security Settings / Restricted Groups
or if neecessary is done by powershell script create GPO
Configuring PowerShell Startup Scripts with Group Policy
and launch script: