Just be aware that if you use Update in migration scenarios, you may not get the results you want, similar to Create.ĭelete – This is exactly what it sounds like: delete the object. For major changes like migrations to new servers, I would use Replace, since update is much weaker (albeit not as weak as Create). Because of this behavior, I usually choose this action whenever I’m deploying brand new objects, and just update it later on whenever something minor changes with it. Remember: If there is no existing object to update, then create the object–but don’t delete any objects, just update them. I would have had to add a delete option for the old path, since Update cannot delete anything, like Replace can. The example I like to use here is that if I try to Update an existing printer connection to refer to a new server path like changing \\srv-oldprinters\printer to \\srv-newprinters\printer–the result is that I get a new printer (like I wanted) but I keep the old one too (which I didn’t want). However, you should note: it does not remove or destroy any objects. You can update the object with new settings, or create the object if it doesn’t exist. Update – A yellow icon, as in: Warning! You might overwrite something. Note: if you go to the common tab and choose the option to “ Remove this item when it is no longer applied” then the action will automatically be changed to Replace. If using this during migrations, for example when shared folders and mapped network drives are moving from an older file server to a newer one, then be sure to switch it to Update after you are done migrating (so that you don’t have the GPO deleting and recreating this object periodically later down the road). No matter what, you are getting this new object. Replace – Unlike it’s friendlier cousin (above), Replace has an angry red icon and will not only create new objects, but destroy old ones, too. So I almost never use this Create option in practice. It’s great if you’re deploying brand new objects that have never been in the environment before, but as we will see, Update has the same net result in that case, and it allows you to perform updates to the same object later on. You might not get your objects to show up, or you could get duplicate objects, depending on the situation. But if you’re trying to use this during a migration, you might not get the result you want. Otherwise, if it does exist, then do nothing. If this mapping or connection does not exist, then create it. Green is Good! Right? Green actually indicates that this action is very low impact and low risk–it’s a “safe” move. I also think a lot of people who have to do migrations infrequently have this question: “ If I am migrating a file share or a printer connection, should I use Create, Replace or Update? Do I need to throw a Delete policy in for the old mappings/connections?” Let me try to answer these concerns now:Ĭreate – You will notice this option comes with a green icon. Even Googling this topic and reading in the forums on various answers can be frustrating, to say the least. To clear it up, here is a quick run-down of CRUD (Create, Replace, Update or Delete). One of the areas of confusion that I often run across is IT admins not knowing when to use which setting, and why. What a mistake! Once I learned the cause for so many of those issues tended to be poor setup, execution or migration techniques, I started to change my own practices. Early on (like a decade ago) when I first started running into clients who were having issues with Group Policy Preferences, I usually just scoffed, and reverted them back to what I knew and was comfortable with. Historically, when I migrate clients from a legacy system such as Windows Server 2003 or 2008 to something newer, I tended to leave well enough alone, so to speak, and just update existing logon scripts, batch files or what have you.īut, while those old methods work great for stuff like mapping network drives or deploying printer connections, they just aren’t as flexible, and do not offer the same level of control (or ease of maintenance) as some of the newer tools. I have to admit: I don’t use Group Policy Preferences as much as I probably should.
0 Comments
Leave a Reply. |