Remove moving privileged groups from script

2024-03-12 16:04:02 +00:00
parent 67591cfd95
commit 522f46afda


@@ -1,283 +1,277 @@
#Requires -Version 3 -RunAsAdministrator #Requires -Version 3 -RunAsAdministrator
#Requires -Modules ActiveDirectory, GroupPolicy #Requires -Modules ActiveDirectory, GroupPolicy
<# <#
.Synopsis .Synopsis
Import TIER GPO policy Import TIER GPO policy
.DESCRIPTION .DESCRIPTION
Import GPO policy for TIERing and the necessary structure of objects Import GPO policy for TIERing and the necessary structure of objects
.EXAMPLE .EXAMPLE
.EXAMPLE .EXAMPLE
.EXAMPLE .EXAMPLE
.INPUTS .INPUTS
.NOTES .NOTES
Author: Petr Štěpán Author: Petr Štěpán
Email: pstepan@totalservice.cz Email: pstepan@totalservice.cz
Release date: 13.2.2024 Release date: 13.2.2024
Revision date: 13.2.2024 Revision date: 13.2.2024
Version: 1.0 Version: 1.0
.LINK .LINK
https://git.totalservice.cz/xxxxxxxx https://git.totalservice.cz/xxxxxxxx
https://totalservice.atlassian.net/browse/KB-316 https://totalservice.atlassian.net/browse/KB-316
#> #>
Param Param
( (
# WorkFolderPath - working dir for script and download assets # WorkFolderPath - working dir for script and download assets
[String] [String]
$WorkFolderPath = (Join-Path -Path $env:homedrive -ChildPath 'Temp\TIER'), $WorkFolderPath = (Join-Path -Path $env:homedrive -ChildPath 'Temp\TIER'),
# TranscriptFileName - File name of script log # TranscriptFileName - File name of script log
[String] [String]
$TranscriptFileName = "Script_$(Get-Date -Format 'yyyMMdd_HHmmss').log", $TranscriptFileName = "Script_$(Get-Date -Format 'yyyMMdd_HHmmss').log",
# GPOBackupZipFileName - Name of GPO backup zip file # GPOBackupZipFileName - Name of GPO backup zip file
[String] [String]
$GPOBackupZipFileName = 'GPO_TIER.zip', $GPOBackupZipFileName = 'GPO_TIER.zip',
# DownloadURLGPOBackup - URL for downloading GPO backup file # DownloadURLGPOBackup - URL for downloading GPO backup file
[String] [String]
$DownloadURLGPOBackup = 'https://git.totalservice.cz/public/AD-TIER/raw/branch/main/GPO_TIER.zip' $DownloadURLGPOBackup = 'https://git.totalservice.cz/public/AD-TIER/raw/branch/main/GPO_TIER.zip'
) )
Begin Begin
{ {
$ErrorActionPreference = "Stop" $ErrorActionPreference = "Stop"
#Start Transcript #Start Transcript
Start-Transcript -Path (Join-Path -Path $WorkFolderPath -ChildPath $TranscriptFileName) Start-Transcript -Path (Join-Path -Path $WorkFolderPath -ChildPath $TranscriptFileName)
#Script start running time #Script start running time
$StartScriptTime = Get-Date $StartScriptTime = Get-Date
#### FUNCTIONS ### #### FUNCTIONS ###
#Sending messages to console #Sending messages to console
function Write-Message([string]$Message, [ValidateSet("Info","Warning","Error","Success")]$Severity="Info") function Write-Message([string]$Message, [ValidateSet("Info","Warning","Error","Success")]$Severity="Info")
{ {
[string]$Time = (Get-Date -Format "HH:mm:ss").Trim() [string]$Time = (Get-Date -Format "HH:mm:ss").Trim()
[string]$Count = ((Get-Date) - $StartScriptTime) [string]$Count = ((Get-Date) - $StartScriptTime)
switch($Severity) switch($Severity)
{ {
"Info" {Write-Host $Time"|"$Count "-" $Message; Break} "Info" {Write-Host $Time"|"$Count "-" $Message; Break}
"Warning" {Write-Host $Time"|"$Count "-" $Message -ForegroundColor Yellow; Break} "Warning" {Write-Host $Time"|"$Count "-" $Message -ForegroundColor Yellow; Break}
"Error" {Write-Host $Time"|"$Count "-" $Message -ForegroundColor Red; Break} "Error" {Write-Host $Time"|"$Count "-" $Message -ForegroundColor Red; Break}
"Success" {Write-Host $Time"|"$Count "-" $Message -ForegroundColor Green; Break} "Success" {Write-Host $Time"|"$Count "-" $Message -ForegroundColor Green; Break}
} }
} }
function Create-ADTierStructure([string]$DistinguishedName) function Create-ADTierStructure([string]$DistinguishedName)
{ {
Write-Message -Message "Creating OU structure" Write-Message -Message "Creating OU structure"
New-ADOrganizationalUnit -Name "Admins" -Path $DistinguishedName New-ADOrganizationalUnit -Name "Admins" -Path $DistinguishedName
New-ADOrganizationalUnit -Name "Domain" -Path "OU=Admins,$DistinguishedName" New-ADOrganizationalUnit -Name "Domain" -Path "OU=Admins,$DistinguishedName"
New-ADOrganizationalUnit -Name "Servers" -Path "OU=Admins,$DistinguishedName" New-ADOrganizationalUnit -Name "Servers" -Path "OU=Admins,$DistinguishedName"
New-ADOrganizationalUnit -Name "Workstations" -Path "OU=Admins,$DistinguishedName" New-ADOrganizationalUnit -Name "Workstations" -Path "OU=Admins,$DistinguishedName"
Write-Message -Message "Creating Security Groups" Write-Message -Message "Creating Security Groups"
$group = New-ADGroup -Name "AD Managers" -SamAccountName "AD Managers" -GroupCategory Security -GroupScope Global -DisplayName "AD Managers" -Path "OU=Domain,OU=Admins,$DistinguishedName" -Description "Group for managing un-privileged accounts in AD." -PassThru $group = New-ADGroup -Name "AD Managers" -SamAccountName "AD Managers" -GroupCategory Security -GroupScope Global -DisplayName "AD Managers" -Path "OU=Domain,OU=Admins,$DistinguishedName" -Description "Group for managing un-privileged accounts in AD." -PassThru
$ADGroupMapping.ADManagers = "$($group.SamAccountName)@$FQDN" $ADGroupMapping.ADManagers = "$($group.SamAccountName)@$FQDN"
$group = New-ADGroup -Name "Server Admins" -SamAccountName "Server Admins" -GroupCategory Security -GroupScope Global -DisplayName "Server Admins" -Path "OU=Servers,OU=Admins,$DistinguishedName" -Description "Managing servers in TIER 1" -PassThru $group = New-ADGroup -Name "Server Admins" -SamAccountName "Server Admins" -GroupCategory Security -GroupScope Global -DisplayName "Server Admins" -Path "OU=Servers,OU=Admins,$DistinguishedName" -Description "Managing servers in TIER 1" -PassThru
$ADGroupMapping.ServerAdmins = "$($group.SamAccountName)@$FQDN" $ADGroupMapping.ServerAdmins = "$($group.SamAccountName)@$FQDN"
$group = New-ADGroup -Name "Workstation Admins" -SamAccountName "Workstation Admins" -GroupCategory Security -GroupScope Global -DisplayName "Workstation Admins" -Path "OU=Workstations,OU=Admins,$DistinguishedName" -Description "Managing workstations TIER 2" -PassThru $group = New-ADGroup -Name "Workstation Admins" -SamAccountName "Workstation Admins" -GroupCategory Security -GroupScope Global -DisplayName "Workstation Admins" -Path "OU=Workstations,OU=Admins,$DistinguishedName" -Description "Managing workstations TIER 2" -PassThru
$ADGroupMapping.WorkstationAdmins = "$($group.SamAccountName)@$FQDN" $ADGroupMapping.WorkstationAdmins = "$($group.SamAccountName)@$FQDN"
Write-Message -Message "Moving privileged grups to Admin\Domain OU." }
Get-ADGroup "Domain Admins" | Move-ADObject -TargetPath "OU=Domain,OU=Admins,$DistinguishedName"
Get-ADGroup "Enterprise Admins" | Move-ADObject -TargetPath "OU=Domain,OU=Admins,$DistinguishedName" #### FUNCTIONS END ###
Get-ADGroup "Schema Admins" | Move-ADObject -TargetPath "OU=Domain,OU=Admins,$DistinguishedName"
#Find FQDN and NetBIOS names
Write-Message -Message "Finding FQDN and NetBIOS name"
} $FQDN = (Get-ADDomain).DNSRoot
$DistinguishedName = (Get-ADDomain).DistinguishedName
#### FUNCTIONS END ### Write-Message -Message ('FQDN is: {0} and DistinguishedName is: {1}' -f $FQDN, $DistinguishedName)
#Find FQDN and NetBIOS names #### VARIABLES ####
Write-Message -Message "Finding FQDN and NetBIOS name" $ADGroupMapping = @{
$FQDN = (Get-ADDomain).DNSRoot "ServerAdmins" = ""
$DistinguishedName = (Get-ADDomain).DistinguishedName "WorkstationAdmins" = ""
Write-Message -Message ('FQDN is: {0} and DistinguishedName is: {1}' -f $FQDN, $DistinguishedName) "ADManagers" = ""
"Administrator" = "Administrator@$FQDN"
#### VARIABLES #### "DomainAdmins" = "Domain Admins@$FQDN"
$ADGroupMapping = @{ "EnterpriseAdmins" = "Enterprise Admins@$FQDN"
"ServerAdmins" = "" }
"WorkstationAdmins" = "" #### END VARIABLES ####
"ADManagers" = ""
"Administrator" = "Administrator@$FQDN" #Find GPO backup file zip
"DomainAdmins" = "Domain Admins@$FQDN" Write-Message -Message ("Finding GPO backup zip file ({0})" -f $GPOBackupZipFileName)
"EnterpriseAdmins" = "Enterprise Admins@$FQDN" If (!(Test-Path -Path (Join-Path -Path $WorkFolderPath -ChildPath $GPOBackupZipFileName)))
} {
#### END VARIABLES #### Write-Message -Message ("{0} not found. Starting downloading ..." -f $GPOBackupZipFileName)
#Download GPO Backup zip file
#Find GPO backup file zip Write-Message -Message "Downloading GPO backup file"
Write-Message -Message ("Finding GPO backup zip file ({0})" -f $GPOBackupZipFileName) $DownloadStartTime = Get-Date
If (!(Test-Path -Path (Join-Path -Path $WorkFolderPath -ChildPath $GPOBackupZipFileName))) #Certificate work around
{ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Write-Message -Message ("{0} not found. Starting downloading ..." -f $GPOBackupZipFileName) Invoke-WebRequest -Uri $DownloadURLGPOBackup -OutFile (Join-Path -Path $WorkFolderPath -ChildPath $GPOBackupZipFileName)
#Download GPO Backup zip file Write-Message -Message ('Downloaded in: {0} second(s)' -f ((Get-Date) - $DownloadStartTime)) -Severity Success
Write-Message -Message "Downloading GPO backup file"
$DownloadStartTime = Get-Date }else{
#Certificate work around Write-Message -Message ("{0} found in shared folder" -f $GPOBackupZipFileName) -Severity Success
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 }
Invoke-WebRequest -Uri $DownloadURLGPOBackup -OutFile (Join-Path -Path $WorkFolderPath -ChildPath $GPOBackupZipFileName)
Write-Message -Message ('Downloaded in: {0} second(s)' -f ((Get-Date) - $DownloadStartTime)) -Severity Success #Unpack GPO backupfile
Write-Message -Message ("Unpacking GPO backup file {0}" -f $GPOBackupZipFileName)
}else{ Expand-Archive -LiteralPath (Join-Path -Path $WorkFolderPath -ChildPath $GPOBackupZipFileName) -DestinationPath $WorkFolderPath -Force
Write-Message -Message ("{0} found in shared folder" -f $GPOBackupZipFileName) -Severity Success
}
#Unpack GPO backupfile }
Write-Message -Message ("Unpacking GPO backup file {0}" -f $GPOBackupZipFileName) Process
Expand-Archive -LiteralPath (Join-Path -Path $WorkFolderPath -ChildPath $GPOBackupZipFileName) -DestinationPath $WorkFolderPath -Force {
Write-Host "Example:
fqdn.contoso.com/
├─ Admins/
} │ ├─ Domain/
Process │ │ ├─ AD Managers
{ │ ├─ Servers/
Write-Host "Example: │ │ ├─ Server Admins
fqdn.contoso.com/ │ ├─ Workstations/
├─ Admins/ │ │ ├─ Workstation Admins
│ ├─ Domain/ ├─ .../
│ │ ├─ AD Managers ├─ .../
│ ├─ Servers/ ├─ Computers/"
│ │ ├─ Server Admins
│ ├─ Workstations/ $createDefaultADStructure = ''
│ │ ├─ Workstation Admins do {
├─ .../ $answer = $(Write-Host "Do you want to import default OU and Security Groups structure? [Y/N] " -ForegroundColor Yellow -NoNewline; Read-Host)
├─ .../
├─ Computers/" switch (($answer).ToLower()) {
"y" { $createDefaultADStructure = $true; break; }
$createDefaultADStructure = '' "n" { $createDefaultADStructure = $false; break;}
do { Default {}
$answer = $(Write-Host "Do you want to import default OU and Security Groups structure? [Y/N] " -ForegroundColor Yellow -NoNewline; Read-Host) }
} until (
switch (($answer).ToLower()) { ($createDefaultADStructure -eq $true) -or ($createDefaultADStructure -eq $false)
"y" { $createDefaultADStructure = $true; break; } )
"n" { $createDefaultADStructure = $false; break;}
Default {} if($createDefaultADStructure){
} Write-Message -Message "Generating OU a Security Groups structure"
} until ( Create-ADTierStructure($DistinguishedName)
($createDefaultADStructure -eq $true) -or ($createDefaultADStructure -eq $false)
) }else {
Write-Message -Message "Manual Security Group mapping choosen"
if($createDefaultADStructure){
Write-Message -Message "Generating OU a Security Groups structure" Write-Message -Message "Getting group name for Server Admins"
Create-ADTierStructure($DistinguishedName) # Server Admins
do {
}else { $exist = $false
Write-Message -Message "Manual Security Group mapping choosen" $group = $(Write-Host "Enter SamAccount name of group for SERVER ADMINS: " -ForegroundColor Yellow -NoNewline; Read-Host)
$exist = Get-ADGroup -Filter {SamAccountName -eq $group}
Write-Message -Message "Getting group name for Server Admins"
# Server Admins if($exist -eq $null) {
do { Write-Message -Message ("Group {0} doesn't exist" -f $group) -Severity Error
$exist = $false }else{
$group = $(Write-Host "Enter SamAccount name of group for SERVER ADMINS: " -ForegroundColor Yellow -NoNewline; Read-Host) $ADGroupMapping.ServerAdmins = "$($group)@$FQDN"
$exist = Get-ADGroup -Filter {SamAccountName -eq $group} }
} until (
if($exist -eq $null) { $exist -ne $null
Write-Message -Message ("Group {0} doesn't exist" -f $group) -Severity Error )
}else{
$ADGroupMapping.ServerAdmins = "$($group)@$FQDN" Write-Message -Message "Getting group name for Workstation Admins"
} # Workstation Admins
} until ( do {
$exist -ne $null $exist = $false
) $group = $(Write-Host "Enter SamAccount name of group for WORKSTATION ADMINS: " -ForegroundColor Yellow -NoNewline; Read-Host)
$exist = Get-ADGroup -Filter {SamAccountName -eq $group}
Write-Message -Message "Getting group name for Workstation Admins"
# Workstation Admins if($exist -eq $null) {
do { Write-Message -Message ("Group {0} doesn't exist" -f $group) -Severity Error
$exist = $false }else{
$group = $(Write-Host "Enter SamAccount name of group for WORKSTATION ADMINS: " -ForegroundColor Yellow -NoNewline; Read-Host) $ADGroupMapping.WorkstationAdmins = "$($group)@$FQDN"
$exist = Get-ADGroup -Filter {SamAccountName -eq $group} }
} until (
if($exist -eq $null) { $exist -ne $null
Write-Message -Message ("Group {0} doesn't exist" -f $group) -Severity Error )
}else{
$ADGroupMapping.WorkstationAdmins = "$($group)@$FQDN" Write-Message -Message "Getting group name for AD Managers"
} # AD Managers
} until ( do {
$exist -ne $null $exist = $false
) $group = $(Write-Host "Enter SamAccount name of group for AD MANAGERS: " -ForegroundColor Yellow -NoNewline; Read-Host)
$exist = Get-ADGroup -Filter {SamAccountName -eq $group}
Write-Message -Message "Getting group name for AD Managers"
# AD Managers if($exist -eq $null) {
do { Write-Message -Message ("Group {0} doesn't exist" -f $group) -Severity Error
$exist = $false }else{
$group = $(Write-Host "Enter SamAccount name of group for AD MANAGERS: " -ForegroundColor Yellow -NoNewline; Read-Host) $ADGroupMapping.ADManagers = "$($group)@$FQDN"
$exist = Get-ADGroup -Filter {SamAccountName -eq $group} }
} until (
if($exist -eq $null) { $exist -ne $null
Write-Message -Message ("Group {0} doesn't exist" -f $group) -Severity Error )
}else{ }
$ADGroupMapping.ADManagers = "$($group)@$FQDN"
} #Prepare GPO
} until ( #Reference https://gallery.technet.microsoft.com/Migrate-Group-Policy-2b5067d8#content
$exist -ne $null #Change variables in the GPO migration table to suit environment by recursing through the migration table and then changing the values to suit the current environment.
) Write-Message -Message "Modifying GPO migration table for SEC-ADMIN-DOMAIN"
} $MigrationTable = "$WorkFolderPath\GPO_tier\SEC-Admin-Domain.migtable"
$content = Get-Content $MigrationTable
#Prepare GPO foreach($object in $ADGroupMapping.GetEnumerator()){
#Reference https://gallery.technet.microsoft.com/Migrate-Group-Policy-2b5067d8#content $content = $content.Replace("[[$($object.Name)]]", $object.Value)
#Change variables in the GPO migration table to suit environment by recursing through the migration table and then changing the values to suit the current environment. }
Write-Message -Message "Modifying GPO migration table for SEC-ADMIN-DOMAIN" $content | Set-Content $MigrationTable
$MigrationTable = "$WorkFolderPath\GPO_tier\SEC-Admin-Domain.migtable"
$content = Get-Content $MigrationTable Write-Message -Message "Modifying GPO migration table for SEC-ADMIN-SERVERS"
foreach($object in $ADGroupMapping.GetEnumerator()){ $MigrationTable = "$WorkFolderPath\GPO_tier\SEC-Admin-Servers.migtable"
$content = $content.Replace("[[$($object.Name)]]", $object.Value) $content = Get-Content $MigrationTable
} foreach($object in $ADGroupMapping.GetEnumerator()){
$content | Set-Content $MigrationTable $content = $content.Replace("[[$($object.Name)]]", $object.Value)
}
Write-Message -Message "Modifying GPO migration table for SEC-ADMIN-SERVERS" $content | Set-Content $MigrationTable
$MigrationTable = "$WorkFolderPath\GPO_tier\SEC-Admin-Servers.migtable"
$content = Get-Content $MigrationTable Write-Message -Message "Modifying GPO migration table for SEC-ADMIN-WORKSTATIONS"
foreach($object in $ADGroupMapping.GetEnumerator()){ $MigrationTable = "$WorkFolderPath\GPO_tier\SEC-Admin-Workstations.migtable"
$content = $content.Replace("[[$($object.Name)]]", $object.Value) $content = Get-Content $MigrationTable
} foreach($object in $ADGroupMapping.GetEnumerator()){
$content | Set-Content $MigrationTable $content = $content.Replace("[[$($object.Name)]]", $object.Value)
}
Write-Message -Message "Modifying GPO migration table for SEC-ADMIN-WORKSTATIONS" $content | Set-Content $MigrationTable
$MigrationTable = "$WorkFolderPath\GPO_tier\SEC-Admin-Workstations.migtable"
$content = Get-Content $MigrationTable
foreach($object in $ADGroupMapping.GetEnumerator()){ #Import GPO
$content = $content.Replace("[[$($object.Name)]]", $object.Value) Write-Message -Message "Importing GPO policy SEC-ADMIN-DOMAIN"
} $GPOName = $(Write-Host "Enter name for GPO policy DOMAIN TIER (T0) [SEC-Admin-Domain] " -ForegroundColor Yellow -NoNewline; Read-Host)
$content | Set-Content $MigrationTable if ($GPOName -eq '') {$GPOName = "SEC-Admin-Domain"}
Import-GPO -CreateIfNeeded -path "$WorkFolderPath\GPO_tier" -BackupGpoName 'SEC-Admin-Domain' -TargetName $GPOName -MigrationTable "$WorkFolderPath\GPO_tier\SEC-Admin-Domain.migtable"
#Import GPO
Write-Message -Message "Importing GPO policy SEC-ADMIN-DOMAIN" Write-Message -Message "Importing GPO policy SEC-ADMIN-SERVERS"
$GPOName = $(Write-Host "Enter name for GPO policy DOMAIN TIER (T0) [SEC-Admin-Domain] " -ForegroundColor Yellow -NoNewline; Read-Host) $GPOName = $(Write-Host "Enter name for GPO policy SERVERS TIER (T1) [SEC-Admin-Servers] " -ForegroundColor Yellow -NoNewline; Read-Host)
if ($GPOName -eq '') {$GPOName = "SEC-Admin-Domain"} if ($GPOName -eq '') {$GPOName = "SEC-Admin-Servers"}
Import-GPO -CreateIfNeeded -path "$WorkFolderPath\GPO_tier" -BackupGpoName 'SEC-Admin-Domain' -TargetName $GPOName -MigrationTable "$WorkFolderPath\GPO_tier\SEC-Admin-Domain.migtable" Import-GPO -CreateIfNeeded -path "$WorkFolderPath\GPO_tier" -BackupGpoName 'SEC-Admin-Servers' -TargetName $GPOName -MigrationTable "$WorkFolderPath\GPO_tier\SEC-Admin-Servers.migtable"
Write-Message -Message "Importing GPO policy SEC-ADMIN-WORKSTATIONS"
Write-Message -Message "Importing GPO policy SEC-ADMIN-SERVERS" $GPOName = $(Write-Host "Enter name for GPO policy SERVERS TIER (T1) [SEC-Admin-Workstations] " -ForegroundColor Yellow -NoNewline; Read-Host)
$GPOName = $(Write-Host "Enter name for GPO policy SERVERS TIER (T1) [SEC-Admin-Servers] " -ForegroundColor Yellow -NoNewline; Read-Host) if ($GPOName -eq '') {$GPOName = "SEC-Admin-Workstations"}
if ($GPOName -eq '') {$GPOName = "SEC-Admin-Servers"} Import-GPO -CreateIfNeeded -path "$WorkFolderPath\GPO_tier" -BackupGpoName 'SEC-Admin-Workstations' -TargetName $GPOName -MigrationTable "$WorkFolderPath\GPO_tier\SEC-Admin-Workstations.migtable"
Import-GPO -CreateIfNeeded -path "$WorkFolderPath\GPO_tier" -BackupGpoName 'SEC-Admin-Servers' -TargetName $GPOName -MigrationTable "$WorkFolderPath\GPO_tier\SEC-Admin-Servers.migtable"
}
Write-Message -Message "Importing GPO policy SEC-ADMIN-WORKSTATIONS" End
$GPOName = $(Write-Host "Enter name for GPO policy SERVERS TIER (T1) [SEC-Admin-Workstations] " -ForegroundColor Yellow -NoNewline; Read-Host) {
if ($GPOName -eq '') {$GPOName = "SEC-Admin-Workstations"} Write-Message -Message "Hotovo!" -Severity Success
Import-GPO -CreateIfNeeded -path "$WorkFolderPath\GPO_tier" -BackupGpoName 'SEC-Admin-Workstations' -TargetName $GPOName -MigrationTable "$WorkFolderPath\GPO_tier\SEC-Admin-Workstations.migtable" Write-Message -Message "!!!POZOR!!! Před nalinkováním GPO politik na OU kde jsou servery nebo stanice si nejprve všechny nové politiky pozorně projdi a zvaž jejich dopad na konkrétní infrastrukturu klienta. Je doporučeno politiky nasazovat postupně a nejprve na malou pilotní skupinu. Nezapomeň také vytvořit nebo přidat uživatele do nově vytvořených security skupin." -Severity Warning
}
End #Stop Transcript
{ Write-Message -Message $(Stop-Transcript)
Write-Message -Message "Hotovo!" -Severity Success
Write-Message -Message "!!!POZOR!!! Před nalinkováním GPO politik na OU kde jsou servery nebo stanice si nejprve všechny nové politiky pozorně projdi a zvaž jejich dopad na konkrétní infrastrukturu klienta. Je doporučeno politiky nasazovat postupně a nejprve na malou pilotní skupinu. Nezapomeň také vytvořit nebo přidat uživatele do nově vytvořených security skupin." -Severity Warning
#Stop Transcript
Write-Message -Message $(Stop-Transcript)
} }
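Review bot: The GPO backup zip is unpacked with `Expand-Archive ... -Force` and handed to `Import-GPO` without any integrity check, whether it was just fetched by `Invoke-WebRequest -Uri $DownloadURLGPOBackup` or was already sitting in `$WorkFolderPath`, so the contents of that archive become domain policy from an elevated session (`#Requires -RunAsAdministrator`). The default URL tracks `branch/main`, which is mutable, and the default work folder is `Temp\TIER` on the home drive, whose permissions the script never inspects. I would pin the archive to a known digest before unpacking, for example `if ((Get-FileHash -LiteralPath $zip -Algorithm SHA256).Hash -ne $ExpectedSha256) { throw "GPO backup hash mismatch" }`, where `$zip` and `$ExpectedSha256` are names proposed here (the latter as a new parameter), not ones the script already has. This path is untouched by the commit, which only removes the group moves from `Create-ADTierStructure`. The `#Certificate work around` comment is also misleading, since the line under it selects TLS 1.2 and does not change certificate validation; `#Force TLS 1.2 for the download` would describe it accurately.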