Partager via


New-GPO

New-GPO

Creates a new GPO.

Syntax

New-GPO [-StarterGpoGuid <Guid>] [-Name] <string> [-Comment <string>] [-Domain <string>] [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>]


New-GPO [-StarterGpoName <string>] [-Name] <string> [-Comment <string>] [-Domain <string>] [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>]

Detailed Description

The New-GPO cmdlet creates a new GPO with a specified name. By default, the newly created GPO is not linked to a site, domain, or organizational unit (OU).

You can use this cmdlet to create a GPO that is based on a starter GPO by specifying the GUID or the display name of the Starter GPO, or by piping a StarterGpo object into the cmdlet.

The cmdlet returns a GPO object, which represents the newly created GPO, that you can pipe to other Group Policy cmdlets.

Parameters

-Comment <string>

Includes a comment for the new GPO. The comment string must be enclosed in double- or single-quotation marks and can contain 2,047 characters.

Use the comment to document the GPO and its implementation in your environment. Or, if you insert keywords in the comment, you can use the keyword filter to find GPOs that have matching keywords.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-Domain <string>

Specifies the domain for this cmdlet. You must specify the fully qualified domain name (FQDN) of the domain (for example: SalesDomain.Contoso.com).

For the New-GPO cmdlet:
-- The new GPO is created in this domain.
-- If a Starter GPO is specified, it must exist in this domain.

If you do not specify the Domain parameter, then the domain of the user running the current session is used. (If the cmdlet is being executed from a computer startup or shutdown script, the domain of the computer is used.) For more information, see the Notes section in the full help.

If you specify a domain that is different from the domain of the user running the current session (or the computer for a startup or shutdown script), then a trust must exist between that domain and the domain of the user (or computer).

You can also refer to Domain by its built-in alias, "domainname". For more information, see about_Aliases.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

true (ByPropertyName)

Position?

named

-Name <string>

Assigns a display name to the new GPO.

If another GPO with the same display name exists in the domain an error occurs.

You can also refer to the Name parameter by its built-in alias, "displayname". For more information, see about_Aliases.

Attributes

Name Value

Required?

true

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

1

-Server <string>

Specifies the name of the domain controller that this cmdlet contacts to complete the operation. You can specify either the fully qualified domain name (FQDN) or the host name. For example:

FQDN: DomainController1.SalesDomain.Contoso.com
Host Name: DomainController1

If you do not specify the name by using the Server parameter, the PDC emulator is contacted.

You can also refer to the Server parameter by its built-in alias, "dc". For more information, see about_Aliases.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-StarterGpoGuid <Guid>

Specifies a Starter GPO by its globally unique identifier (GUID). The GUID uniquely identifies the Starter GPO. If a Starter GPO is specified, the GPO is created with its settings.

You can also refer to the StarterGpoGuid parameter by its built-in alias, "id". For more information, see about_Aliases.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

true (ByPropertyName)

Position?

named

-StarterGpoName <string>

Specifies a Starter GPO by its display name. The name can contain 255 characters. If the name includes blank characters, enclose the name in double-quotation marks or single-quotation marks. If a Starter GPO is specified, the GPO is created with its settings.

The display name is not guaranteed to be unique in the domain. If another Starter GPO with the same display name exists in the domain, an error occurs. You can use the StarterGpoGuid parameter to uniquely identify a Starter GPO.

You can also refer to the Name parameter by its built-in alias, "displayname". For more information, see about_Aliases.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

true (ByPropertyName)

Position?

named

-Confirm <SwitchParameter>

Prompts you for confirmation before executing the command.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-WhatIf <SwitchParameter>

Describes what would happen if you executed the command without actually executing the command.

Attributes

Name Value

Required?

false

Accept wildcard characters?

false

Accept Pipeline Input?

false

Position?

named

-CommonParameter

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see About Common Parameter

Input and Return Types

The input type is the type of the objects that you can pipe to the cmdlet. The return type is the type of the objects that the cmdlet emits.

Input Type

Microsoft.GroupPolicy.StarterGpo. A Starter GPO that has predefined settings.

Return Type

Microsoft.GroupPolicy.Gpo. New-GPO returns the GPO that was created.

Notes

  • Only domain administrators, enterprise administrators, and members of the Group Policy creator owners group can create GPOs. These users must run Windows PowerShell in an elevated state.

    You can use the Domain parameter to explicitly specify the domain for this cmdlet.

    If you do not explicitly specify the domain, the cmdlet uses a default domain. The default domain is the domain that is used to access network resources by the security context under which the current session is running. This domain is typically the domain of the user that is running the session. For example, the domain of the user who started the session by opening Windows PowerShell from the Program Files menu, or the domain of a user that is specified in a runas command. However, computer startup and shutdown scripts execute under the context of the LocalSystem account. The LocalSystem account is a built-in local account, and it accesses network resources under the context of the computer account. Therefore, when this cmdlet is executed from a startup or shutdown script, the default domain is the domain to which the computer is joined.

Examples

EXAMPLE 1

C:\PS>

New-GPO -Name TestGPO -comment "This is a test GPO."



DisplayName      : TestGPO

DomainName       : contoso.com

Owner            : CONTOSO\Domain Admins

Id               : b8c1f2c2-fbd3-4a1f-94e1-3e156a65a29a

GpoStatus        : AllSettingsEnabled

Description      : This is a test GPO.

CreationTime     : 3/2/2009 3:37:23 AM

ModificationTime : 3/2/2009 3:37:22 AM

UserVersion      : AD Version: 0, SysVol Version: 0

ComputerVersion  : AD Version: 0, SysVol Version: 0

WmiFilter        :

                        

Description

-----------

This command creates a GPO in the domain of the user. The GPO is created with the specified comment.

EXAMPLE 2

C:\PS>

New-GPO -Name FromStarterGPO -StarterGPOName "Windows Vista EC Computer Starter GPO"                        

Description

-----------

This command creates a GPO in the domain of the user. The GPO is pre-populated with the settings of the Starter GPO.

EXAMPLE 3

C:\PS>

new-gpo -name TestGPO | new-gplink -target "ou=marketing,dc=contoso,dc=com" | set-gppermissions -permissionlevel gpoedit -targetname "Marketing Admins" -targettype group



DisplayName      : TestGPO

DomainName       : contoso.com

Owner            : CONTOSO\Domain Admins

Id               : b8c1f2c2-fbd3-4a1f-94e1-3e156a65a29a

GpoStatus        : AllSettingsEnabled

Description      :

CreationTime     : 3/2/2009 3:37:23 AM

ModificationTime : 3/2/2009 3:37:22 AM

UserVersion      : AD Version: 0, SysVol Version: 0

ComputerVersion  : AD Version: 0, SysVol Version: 0

WmiFilter        :

                        

Description

-----------

This command creates a new GPO ("TestGPO"), links it to the "Marketing" OU in the contoso.com domain, and grants the "Marketing Admins" security group permissions to edit the GPO.

A GPO object is returned by the command, so you could continue to configure the new GPO by piping the output to other cmdlets. For example, you could set Registry preference items or registry-based policy settings by piping the output to Set-GPPrefRegistryValue or to Set-GPRegistryValue.