PowerShell Logo Small

Open-NetGPO



This is the built-in help made by Microsoft for the command 'Open-NetGPO', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Creates a cached copy of the Group Policy Object (GPO) to modify locally.

SYNTAX


Open-NetGPO [-PolicyStore] <String> [-AsJob] [-CimSession <CimSession[]>] [-DomainController <String>] [-ThrottleLimit <Int32>] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Open-NetGPO cmdlet caches the Group Policy Object (GPO) so that modifications can be made locally. The changes are batch returned to the policy store with the
Save-NetGPO cmdlet.


Note: If the DomainController parameter value is not a writeable Domain Controller (DC), then the batch updates will not be applied. To help target a writeable DC, use the
cmdlets in the Active Directory module using the Get-Command cmdlet with the Module parameter set to ActiveDirectory.


Note: An error will result for using this cmdlet when the user is not a domain administrator.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=288123
Get-Command
New-NetFirewallRule
Remove-NetFirewallRule
Save-NetGPO
New-NetIPsecRule
Set-NetIPsecRule
Get-ADDomainController
New-GPO

REMARKS

<

Examples


EXAMPLE 1

PS C:\>$gpoSession = Open-NetGPO –PolicyStore castle.contoso.com\Win8ClientFirewallPolicy



PS C:\>Remove-NetFirewallRule –Name BlockIMAccess –GPOSession $gpoSession



PS C:\>New-NetFirewallRule –Name LimitIMAccess –DisplayName "Contoso Messenger" –Program "%ProgramFiles(X86)%\Contoso Messenger\cmsg.exe" –Action Block –GPOSession
$gpoSession



PS C:\>Save-NetGPO –GPOSession $gpoSession



This example replaces one rule in a domain GPO with another using a cached copy of the GPO.




EXAMPLE 2

PS C:\>$domain = "corp.contoso.com"



PS C:\>$gpo = "corp.contoso.com\FirewallPolicy"



PS C:\>$pdc = Get-ADDomainController -Discover -Service PrimaryDC -DomainName $domain



PS C:\>$session = Open-NetGPO -PolicyStore $gpo -DomainController $pdc.Hostname



This example shows targeting and opening a writeable DC. This ensures that the batch modifications are made when the GPO is closed.