Re: Exporting GPOs from Active Directory
From: Scott Ehrlich (scott@ai.mit.edu)Date: 07/23/02
- Previous message: Evan Mann: "RE: Problems with IIS and Certification Services"
- In reply to: Laura A. Robinson: "Re: Exporting GPOs from Active Directory"
- Next in thread: Laura A. Robinson: "Re: Exporting GPOs from Active Directory"
- Reply: Laura A. Robinson: "Re: Exporting GPOs from Active Directory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 23 Jul 2002 11:41:49 -0400 To: "Laura A. Robinson" <larobins@bellatlantic.net>, "Brad Judy" <judy@colorado.edu>, "'David Vincent'" <david.vincent@mightyoaks.com>, "'Focus-Ms (E-mail)'" <focus-ms@securityfocus.com> From: Scott Ehrlich <scott@ai.mit.edu>
I think I've found it at:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/fazam2000-o.asp
At 11:01 AM 7/23/2002 -0400, Laura A. Robinson wrote:
>Yes, it is based on licensed pieces of FAZAM, as, IIRC, is RSOP (Resultant
>Set of Policy)
>
>Laura
>----- Original Message -----
>From: "Brad Judy" <judy@colorado.edu>
>To: "'Laura A. Robinson'" <larobins@bellatlantic.net>; "'David Vincent'"
><david.vincent@mightyoaks.com>; "'Focus-Ms (E-mail)'"
><focus-ms@securityfocus.com>
>Sent: Tuesday, July 23, 2002 10:50 AM
>Subject: RE: Exporting GPOs from Active Directory
>
>
> > Microsoft will be releasing a "Group Policy Management Console" add-on
> > that will allow for export/import of GPOs in addition to a large number
> > of other features including a lot of scripting functions. It will have
> > to be run on a .Net machine, but will work with a Windows 2000 based
> > Active Directory. I think it is based on licensed pieces of FAZAM, but
> > I do not know for sure.
> >
> > Unfortunately since it must run on .Net Server it will not be released
> > for download until after the release of .Net Server.
> >
> > It was demoed in a session at the MS TechEd conference in April and they
> > even demonstrated exporting everything from a test domain and then
> > importing it into a new production domain.
> >
> > It doesn't help you now, but you can look forward to better GPO tools in
> > the future.
> >
> > Brad Judy
> >
> > Information Technology Services
> > University of Colorado at Boulder
> >
> > -----Original Message-----
> > From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
> > Sent: Monday, July 22, 2002 1:41 PM
> > To: David Vincent; Focus-Ms (E-mail)
> > Subject: Re: Exporting GPOs from Active Directory
> >
> >
> > Doh! Read "GPOs" as "OUs"! Sorry folks!
> >
> > With that said, secedit does not export Group Policy Objects. It allows
> > you to export the security settings from that section of the machine's
> > policy, but it does not export GPOs.
> >
> > There is no officially supported method for exporting GPOs. However,
> > there are a couple of ways to do it:
> >
> > 1. Purchase FAZAM (http://www.fullarmor.com)
> > 2. Read these links:
> >
> > http://www.jsifaq.com/SUBK/tip5300/rh5320.htm
> > http://www.mike-tech.com/article.php?gif=win2k&article=147
> >
> > Laura
> > ----- Original Message -----
> > From: "David Vincent" <david.vincent@mightyoaks.com>
> > To: "'Laura A. Robinson'" <larobins@bellatlantic.net>; "Focus-Ms
> > (E-mail)" <focus-ms@securityfocus.com>
> > Sent: Monday, July 22, 2002 1:16 PM
> > Subject: RE: Exporting GPOs from Active Directory
> >
> >
> > > sorry laura, but i do believe you are confused.
> > >
> > > you want to use 'secedit' to export GPOs, LDFIDE exports lists of AD
> > objects
> > > in Line Delimited format, it is the partner to CSVIDE which exports AD
> >
> > > contents into Comma Seperated Values.
> > >
> > > check the help for more info on 'secedit' or the usual 'c:\secedit /?'
> > >
> > >
> > >
> > >
> > > David Vincent CNA/MCSE
> > > Network Administrator
> > >
> > > www.mightyOaks.com
> > > david.vincent@mightyoaks.com
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
> > > Sent: July 22, 2002 9:58 AM
> > > To: hbcsc502@csun.edu; focus-ms@securityfocus.com
> > > Subject: Re: Exporting GPOs from Active Directory
> > >
> > >
> > > You can use LDIFDE to do this. LDIFDE (LDIF Directory Export, IIRC) is
> >
> > > a command-line utility installed on Windows 2000 server boxes that
> > > allows
> > you
> > > to import/export/modify LDAP directories using text files. The utility
> >
> > > is not installed on Win2K pro boxes even with adminpak, but it should
> > > be on
> > any
> > > of your server installations.
> > >
> > > If you're running it from a DC, you would just open a command prompt
> > > and type
> > >
> > > ldifde -f <name of file to export to>
> > >
> > > There'd be other options you would have to type depending on the
> > credentials
> > > you want to use to connect and how much you want to export, but the
> > utility
> > > is relatively self-explanatory.
> > >
> > > Some additional info:
> > >
> > http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/b
> > ulks
> > > teps.asp
> > > http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q263991&
> > >
> > > Laura
> > > ----- Original Message -----
> > > From: "Phydeaux" <hbcsc502@csun.edu>
> > > To: <focus-ms@securityfocus.com>
> > > Sent: Monday, July 22, 2002 1:55 AM
> > > Subject: Exporting GPOs from Active Directory
> > >
> > >
> > > > Hello all,
> > > >
> > > > Does anyone know how to export GPOs in an Active Directory to the
> > > > .inf files? I am looking for a native utility from Microsoft ore
> > > > another
> > free
> > > > tool. Also on the flip side, how do I import settings into a GPO?
> > > >
> > > > Brian
> > > >
> > >
> >
- Previous message: Evan Mann: "RE: Problems with IIS and Certification Services"
- In reply to: Laura A. Robinson: "Re: Exporting GPOs from Active Directory"
- Next in thread: Laura A. Robinson: "Re: Exporting GPOs from Active Directory"
- Reply: Laura A. Robinson: "Re: Exporting GPOs from Active Directory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
