One of the things you notice upon cracking open the current beta of Aurora is that while it has the Group policy management console it does not have group policy predone for you. Given the small network marketplace I can kinda understand why they are making this decision (but nevertheless if I were in charge of the Universe I’d have the policies preloaded but just not enforced to make it easier to use group policy should you want to) But no worries you can export them from SBS 2008 and put similar ones in Aurora.
Now you won’t need the WSUS group polices as WSUS is not on Aurora, but you might want those handy dandy Win7 and XP firewall policies.
To export out of SBS 2008 and import into Aurora do the following:
Go down to the Group policy objects section and right mouse click on the group polices you want to export. In this case we’ll be exporting the following:
- Windows SBS Client – Windows Vista Policy (same as Win7)
- Windows SBS Client – Windows XP policy
- Windows SBS Client Policy
Right mouse click and click on backup for each one. Dump it into a folder so you can get to it.
I renamed it aurora so I know what it is
Next we want to export out the WMI filters:
- Windows SBS Client – Windows Vista
- Windows SBS Client – Windows XP
Zip up the three group policy folders and copy the zip file along with the exported MOF files that are the WMI filters and move them to a flash drive or even a skydrive (after flipping IE ESC to off on the server to you can get the file off). Now go to the Aurora server and log into the server itself. Ignore the warning that you shouldn’t be here.
Launch the group policy management console.
Expand the group policy by clicking the arrow keys. Go down to the WMI filter section.
Right mouse click on the section and click “import”
Insert the filters you exported (and renamed)
You’ll see that it will confirm the wmi filter
Now comes the tricky part… scroll up to Group policy objects and click on New policy
Enter the name… Windows Aurora Client policy and press OK
Now right mouse click again and “import from settings”
Now drill down to that extracted zipped up folder of policies you borrowed from SBS 2008
And match up the policy you want with the name you entered, click next
It will check and make sure no UNC paths are messed up (there are none)
And it reminds you you’ll need to reset up the WMI filters
Keep doing that again until you’ve imported all three group policy settings
As you can see you’ve now imported all three.
Now edit the policy to limit the 7/Vista one to just 7/Vista clients by linking at the very bottom on the scope tab to the WMI filter that matches it.
Do the same for the XP group policy.
It will say “are you sure” after you’ve linked them.
Now comes the decision about how SBS sets up the “My business” OU
I just find it easier on my brain to make consistent OU’s so I went ahead and under the domain I made an OU and then under that set up the Aurora computers
I duplicated it and link the group policies you just made to that
I then linked the policies to that Organizational unit
So they end up with an Aurora Computers OU
Finally I clicked on “enforced” by right mouse clicking in that AuroraComputers section.
And there you have it.
Next up … a group policy preference how to for deploying mapped drives and other cool things.