Hi, this is Jeremy Moskowitz from GPanswers.com and today we are going to talk all about Group Policy Modeling. What the heck is Group Policy Modeling? Let’s take a big step back and let’s talk about how your environment already works.
For instance, in my little environment here I have got East Sales Users and West Sales. Maybe my East Sales is all the way in New York and my West Sales is all the way in California, and that’s cool. Every once in a while, I have people that will change job roles between my East Sales and my West Sales. What does that mean? It means, that if they change job roles that means their whole world, their whole Group Policy world is going to change.
If only there was a way for me to predict what that might look like when they change job roles, which would be great. It is great for me because I know what to work on if there is a problem. It is great for them because they are going to have a perfect user experience the first time they log on and it is great for you again, because you get to prove to the boss that you are thinking ahead about the kinds of problems users might have if they change job roles.
Group Policy Modeling is a prediction engine. I am going to right-click over Group Policy Modeling and go to Group Policy Modeling Wizard. The first thing you get asked is what Domain Controller do you want to use. The idea is that this is where the scientific calculation goes on it does not really involve your client machines too much.
We are going to pick a user. We will pick fabrikam\eastsalesuser1. We are going to take this guy, on this computer, fabrikam\win7computer1. We will take that combination so we have got a starting point. This is our starting point. Now, we are going to play pretend and we can play pretend at a bunch of different points here. I am not going to go over all these points, but the idea is, remember that I said, that they have changed job roles. This could mean that they were in one physical Active Directory site and they have changed job roles to a new Active Directory site. I only have really one site set up here for this demo, but you get the general idea. If I had a New York site and a California site I could make the difference there.
I could also, like I said, they are definitely changing job roles from East Sales over to West Sales, oops, they are a West Sales User and if they were changing computers. If they had a laptop they might keep this location where the computer is, but if they are changing job roles and are getting a new laptop or something, or a new desktop, you might also have to change the computer location.
There are some other points here as well about Security Groups, and also WMI filters. We do not want to get too far into that today, I just want to give you a quick primer of how this works.
Again, the simulation, or the math is happening on a Domain Controller and when it is done, let’s try to predict ourselves. I happen to have a very simple environment here, again, if somebody is going to go to the West Sales Users OU they should pick up the GPO123. Let’s go ahead and see if they get that. Sure enough, so they get Create a New Shortcut from the domain level and the Default Domain Policy for the domain level and also the GPO123 from West Sales.
It is a simple example, but if you had dozens or a hundred or whatever Group Policy objects all linked to various levels you are going to love the Group Policy Modeling Wizard. Not only does it show you what GPO’s you get applied to the computer and the users side, but also all the setting you are supposed to get. The idea is that this is a great way for you to know in advance what a User is supposed to get.