Menu
InformatiWeb Pro
  • Index
  • System admin
  • Virtualization

Login

Registration Password lost ?
FR
  • Windows Server
    • WMS 2012
    • WS2012 R2
    • WS2016
  • Citrix
    • Citrix NetScaler Gateway
    • Citrix XenApp / XenDesktop
    • Citrix XenServer
  • VMware
    • VMware ESXi
    • VMware vSphere
    • VMware Workstation
  • Microsoft
    • Hyper-V
  • RAID
    • Adaptec SmartRAID
  • UPS
    • APC Back-UPS Pro
  • InformatiWeb Pro
  • System admin
  • Windows Server
  • Courses
  • Learn how to deploy Active Directory (AD DS) on WS 2016
  • Create starter GPOs
9 / 32
  • Add an Active Directory subdomain
  • Group Policy (GPO) management
  • Windows Server
  • 08 October 2021 at 18:51 UTC
  • InformatiWeb

Create starter GPOs to export your Group Policy settings on Windows Server 2016

Through the "Group Policy Management" console, you can create Group Policy Objects as well as Starter GPOs.
In this tutorial, we will create starter GPOs.
The advantage of GPO starter GPOs is that they can be exported to import them on another domain controller, unlike normal GPOs.

By default, the "Starter GPOs" folder is not created, but all you have to do is select it and click on the "Create Starter GPOs Folder" button.

As you can see, by default, 2 starter GPOs are created automatically.

To create a new starter GPO object, right click "New".

Provide a name for your Starter GPO.

The created object appears in the "Starter GPOs in [name of your domain]" list.

To edit it, you just have to right click "Edit" on it.

As you can see, when you edit a Starter GPO object, you only have access to the "Administrative Templates" part of the computer and user configurations.
For the example, we will enable the group policies allowing you to block access to removable disks (USB keys, ...).

We have enabled 3 group policies.

As explained previously, the advantage of creating Starter GPOs is that you can export them so that you can then import them back to another Active Directory infrastructure.
To do this, select the starter GPO you just created and click : Save as Cabinet.

Specify the name of the file under which this object will be exported.

As expected, we now have a CAB file that we can very easily import to another Active Directory infrastructure.

CAB files are compressed files (like zip files, for example), so you can open them from Windows and see that they contain in this case files :

  • Machine_Comment.cmtx
  • Machine_Registry.pol
  • Report.html
  • StarterGPO.tmplx

To extract these files, select them inside the CAB file and right click "Extract" on them.

Select the folder where you want to unzip these files.

If you try to open these files with Notepad, you will see that the "cmtx" file is in "XML" format and that you find the "Policies.RemovableStorageAccess" mention which corresponds to the group policies enabled previously for the access to removable disks.

The most interesting file is the "Report.html" file, because once opened, you will be able to see very easily which policies are enabled, as well as their values.

For the "StarterGPO.tmplx" file, it's in XML format and contains information about the Starter GPO object itself.

Right now, our Starter GPO is created and policies are configured there, but this object is not tied to our computers or our users.
However, to use our GPO, we just need to create a new GPO in the "Group Policy Objects" folder.

Then, select the Starter GPO object created previously in the "Source GPO Starter Object" list.

Right click "Edit" on your GPO object.

As you can see, since this new GPO is based on our Starter GPO, the policies defined in the Starter GPO have already been configured here.

Share this tutorial

Partager
Tweet

To see also

  • Windows Server - AD DS - How Active Directory replication works

    Windows Server 4/16/2021

    Windows Server - AD DS - How Active Directory replication works

  • Windows Server - AD DS - Overview of Active Directory functional levels

    Windows Server 4/30/2021

    Windows Server - AD DS - Overview of Active Directory functional levels

  • Windows Server - AD DS - The basics of Active Directory

    Windows Server 4/3/2021

    Windows Server - AD DS - The basics of Active Directory

  • WS 2016 - AD DS - Add a domain controller to an existing AD domain

    Windows Server 5/21/2021

    WS 2016 - AD DS - Add a domain controller to an existing AD domain

Comments

You must be logged in to post a comment

Share your opinion

Pinned content

  • Software (System admin)
  • Linux softwares
  • Our programs
  • Terms and conditions
  • Share your opinion

Contact

  • Guest book
  • Technical support
  • Contact

® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.

Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.