This is the built-in help made by Microsoft for the command 'Open-NetGPO', in PowerShell version 5 - as retrieved from
Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Creates a cached copy of the Group Policy Object (GPO) to modify locally.
Open-NetGPO [-PolicyStore] <String> [-AsJob] [-CimSession <CimSession[]>] [-DomainController <String>] [-ThrottleLimit <Int32>] [<CommonParameters>]
The Open-NetGPO cmdlet caches the Group Policy Object (GPO) so that modifications can be made locally. The changes are batch returned to the policy store with the
Save-NetGPO cmdlet.
Note: If the DomainController parameter value is not a writeable Domain Controller (DC), then the batch updates will not be applied. To help target a writeable DC, use the
cmdlets in the Active Directory module using the Get-Command cmdlet with the Module parameter set to ActiveDirectory.
Note: An error will result for using this cmdlet when the user is not a domain administrator.
<
Online Version: http://go.microsoft.com/fwlink/?LinkId=288123
Get-Command
New-NetFirewallRule
Remove-NetFirewallRule
Save-NetGPO
New-NetIPsecRule
Set-NetIPsecRule
Get-ADDomainController
New-GPO
<
EXAMPLE 1
PS C:\>$gpoSession = Open-NetGPO –PolicyStore castle.contoso.com\Win8ClientFirewallPolicy
PS C:\>Remove-NetFirewallRule –Name BlockIMAccess –GPOSession $gpoSession
PS C:\>New-NetFirewallRule –Name LimitIMAccess –DisplayName "Contoso Messenger" –Program "%ProgramFiles(X86)%\Contoso Messenger\cmsg.exe" –Action Block –GPOSession
$gpoSession
PS C:\>Save-NetGPO –GPOSession $gpoSession
This example replaces one rule in a domain GPO with another using a cached copy of the GPO.
EXAMPLE 2
PS C:\>$domain = "corp.contoso.com"
PS C:\>$gpo = "corp.contoso.com\FirewallPolicy"
PS C:\>$pdc = Get-ADDomainController -Discover -Service PrimaryDC -DomainName $domain
PS C:\>$session = Open-NetGPO -PolicyStore $gpo -DomainController $pdc.Hostname
This example shows targeting and opening a writeable DC. This ensures that the batch modifications are made when the GPO is closed.