
GPO Management

Group Policy Objects (GPOs) are used to enforce settings across machines and users in an Active Directory domain — things like security policies, software installation, drive mappings, and startup scripts. The GroupPolicy PowerShell module lets you manage GPOs without opening the Group Policy Management Console (GPMC).

List All GPOs

Returns every GPO in the domain along with its status and timestamps. Useful for getting an overview of what policies exist before making changes.

Get-GPO -All | Select-Object DisplayName, GpoStatus, CreationTime, ModificationTime | Format-Table -AutoSize

Get GPO Details

Retrieves full metadata for a specific GPO, including its GUID, version, and WMI filter if one is applied.

Get-GPO -Name "Default Domain Policy"

Create a New GPO

Creates an empty, unlinked GPO. You’ll need to configure settings and link it to an OU before it takes effect.

New-GPO -Name "My New Policy"

Linking a GPO to an OU is what causes it to apply to the computers or users in that OU. A GPO can be linked to multiple OUs.

New-GPLink -Name "My New Policy" -Target "OU=Computers,DC=contoso,DC=com"

Removes the link between the GPO and the OU. The GPO itself is not deleted — it just stops applying to that scope.

Remove-GPLink -Name "My New Policy" -Target "OU=Computers,DC=contoso,DC=com"

Force a Group Policy Update on Remote Machines

By default, Group Policy refreshes every 90 minutes with a random offset. Use Invoke-GPUpdate to push an immediate refresh to specific machines without waiting.

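$computers = @("PC01", "PC02", "PC03")
# -Computer takes one name per call; -RandomDelayInMinutes 0 skips the random delay before the refresh runs
$computers | ForEach-Object { Invoke-GPUpdate -Computer $_ -Force -RandomDelayInMinutes 0 }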

Generate a GPO Report (HTML)

Produces a human-readable report of all settings configured in a GPO. Useful for auditing or documentation.

Get-GPOReport -Name "Default Domain Policy" -ReportType HTML -Path "C:\Reports\GPOReport.html"
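
An added example (not from the original page): Get-GPOReport also accepts -ReportType Xml, which is easier to audit in bulk than HTML. The hypothetical helper Get-GpoLinkSummary below reads each report's LinksTo elements to flag unlinked GPOs and enforced or disabled links; the two sample reports are constructed and trimmed to the elements the function reads.

```powershell
# Added example: summarise where each GPO is linked, from its XML report.
function Get-GpoLinkSummary {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$ReportXml)
    process {
        $gpo = ([xml]$ReportXml).GPO
        # <LinksTo> is absent for an unlinked GPO; @() normalises 0, 1 or many links.
        $links = @($gpo.LinksTo | Where-Object { $_ })
        [pscustomobject]@{
            Name            = $gpo.Name
            Modified        = [datetime]$gpo.ModifiedTime
            ComputerEnabled = $gpo.Computer.Enabled -eq 'true'
            UserEnabled     = $gpo.User.Enabled -eq 'true'
            ActiveLinks     = @($links | Where-Object { $_.Enabled -eq 'true' } | ForEach-Object { $_.SOMPath })
            EnforcedLinks   = @($links | Where-Object { $_.NoOverride -eq 'true' } | ForEach-Object { $_.SOMPath })
            Unlinked        = $links.Count -eq 0
        }
    }
}

# Constructed sample reports (not real output), one linked GPO and one unlinked GPO.
$ns = 'http://www.microsoft.com/GroupPolicy/Settings'
$samples = @(
@"
<GPO xmlns="$ns"><Name>Workstation Baseline</Name>
  <ModifiedTime>2024-03-01T10:15:00</ModifiedTime>
  <Computer><Enabled>true</Enabled></Computer><User><Enabled>false</Enabled></User>
  <LinksTo><SOMPath>contoso.com/Computers</SOMPath><Enabled>true</Enabled><NoOverride>true</NoOverride></LinksTo>
  <LinksTo><SOMPath>contoso.com/Lab</SOMPath><Enabled>false</Enabled><NoOverride>false</NoOverride></LinksTo>
</GPO>
"@,
@"
<GPO xmlns="$ns"><Name>My New Policy</Name>
  <ModifiedTime>2024-05-20T08:00:00</ModifiedTime>
  <Computer><Enabled>true</Enabled></Computer><User><Enabled>true</Enabled></User>
</GPO>
"@
)
$samples | Get-GpoLinkSummary | Format-List

# Against a live domain (requires the GroupPolicy module):
# Get-GPO -All | ForEach-Object { Get-GPOReport -Guid $_.Id -ReportType Xml } | Get-GpoLinkSummary
```

On the sample input, "Workstation Baseline" reports one active, enforced link and "My New Policy" is flagged as unlinked.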

Back Up All GPOs

Exports all GPOs to a folder so they can be restored or migrated to another domain. Each GPO is saved as a separate subfolder identified by its GUID.

Backup-GPO -All -Path "C:\GPOBackups"

Restore a GPO from Backup

Restores a GPO’s settings from a previous backup. The GPO must already exist in the domain — this restores its configuration, not the GPO object itself.

Restore-GPO -Name "My New Policy" -Path "C:\GPOBackups"

Note: The GroupPolicy module requires the Group Policy Management feature. Install it with:

Install-WindowsFeature -Name GPMC