A bit of group policy for Aurora

On August 31, 2010, in Aurora, by

One of the things you notice upon cracking open the current beta of Aurora is that while it has the Group policy management console it does not have group policy predone for you.  Given the small network marketplace I can kinda understand why they are making this decision (but nevertheless if I were in charge of the Universe I’d have the policies preloaded but just not enforced to make it easier to use group policy should you want to)  But no worries you can export them from SBS 2008 and put similar ones in Aurora.

Now you won’t need the WSUS group polices as WSUS is not on Aurora, but you might want those handy dandy Win7 and XP firewall policies.

To export out of SBS 2008 and import into Aurora do the following:

Go down to the Group policy objects section and right mouse click on the group polices you want to export.  In this case we’ll be exporting the following:

  • Windows SBS Client – Windows Vista Policy (same as Win7)
  • Windows SBS Client – Windows XP policy
  • Windows SBS Client Policy

Right mouse click and click on backup for each one.  Dump it into a folder so you can get to it.

I renamed it aurora so I know what it is

Next we want to export out the WMI filters:

  • Windows SBS Client – Windows Vista
  • Windows SBS Client – Windows XP

 

Zip up the three group policy folders and copy the zip file along with the exported MOF files that are the WMI filters and move them to a flash drive or even a skydrive (after flipping IE ESC to off on the server to you can get the file off).  Now go to the Aurora server and log into the server itself.  Ignore the warning that you shouldn’t be here.

Launch the group policy management console.

Expand the group policy by clicking the arrow keys. Go down to the WMI filter section.

Right mouse click on the section and click “import”

Insert the filters you exported (and renamed)

 

You’ll see that it will confirm the wmi filter

Now comes the tricky part… scroll up to Group policy objects and click on New policy

 

Enter the name… Windows Aurora Client policy and press OK

 

Now right mouse click again and “import from settings”

Now drill down to that extracted zipped up folder of policies you borrowed from SBS 2008

 

And match up the policy you want with the name you entered, click next

It will check and make sure no UNC paths are messed up (there are none)

And it reminds you you’ll need to reset up the WMI filters

Keep doing that again until you’ve imported all three group policy settings

As you can see you’ve now imported all three.

Now edit the policy to limit the 7/Vista one to just 7/Vista clients by linking at the very bottom on the scope tab to the WMI filter that matches it.

Do the same for the XP group policy.

It will say “are you sure” after you’ve linked them.

Now comes the decision about how SBS sets up the “My business” OU

I just find it easier on my brain to make consistent OU’s so I went ahead and under the domain I made an OU and then under that set up the Aurora computers

I duplicated it and link the group policies you just made to that

I then linked the policies to that Organizational unit

So they end up with an Aurora Computers OU

Finally I clicked on “enforced” by right mouse clicking in that AuroraComputers section.

And there you have it.

Next up … a group policy preference how to for deploying mapped drives and other cool things.

 

6 Responses to A bit of group policy for Aurora

  1. Nils says:

    Excellent post! Thank you.

  2. Richard Gadsden says:

    Is this licensed, though?

    Surely these policies are only licensed under the SBS licence, so putting them on Aurora would be a breach of that licence agreement?

  3. bradley says:

    It’s just group policy. Rule sets. No licensing needed. You can import and export group policy from any box to any box.

  4. Dean says:

    ‘Now right mouse click again and “import from settings”‘

    Why “Import From Settings” and not “Restore From Backup” ?

  5. bradley says:

    Because in order to export from one to another it lays down in a format that isn’t a backup.

  6. Dean says:

    “Because in order to export from one to another it lays down in a format that isn’t a backup”

    I’m still confused. You said “Right mouse click and click on backup for each one”. Which means that the format is a backup. Also backup is the only choice you have because there is no export which to me would be the partner to import. To me every function should have an identical partner to keep things clear. Backup – Restore from backup. Export – Import.

    The only thing I can think of is that Import does the checks that you mentioned and Restore from Backup doesn’t