William Stanek: Applying Group Policy Preferences with CRUD

  • Article

William here. Up for continuing our discussion about Group Policy Preferences? Hope so, so here goes… Unlike Group Policy settings, which you set to an Enabled, Disabled, or Not Configured state, you configure most preferences by using one of four actions. These actions are: Create, Replace, Update, and Delete, which you can remember using the handy acronym C-R-U-D.

The Create action creates a preference if it doesn’t already exist. For example, you can use the Create action to create and set the value of a user environment variable called CurrentOrg on computers where it does not yet exist. If the variable already exists, the value of the variable will not be changed.

The Replace action creates preferences that don’t yet exist, or deletes and then creates preferences that already exist. For example, you can use the Replace action to replace a file on computers. If the file exists, Group Policy removes it from the target location, copies it from a specified source location, and then overwrites the existing file in a designated target location. If the file doesn’t exist, Group Policy simply copies it from the source location to the designated target location.

The Update action creates preferences that don’t yet exist or modifies preferences if they exist. For example, you can use the Update action to modify a local group on computers. If the local group exists, you are able to rename the group and update its settings with the settings you’ve defined for the preference item. This allows you to add users and groups as members while ensuring current membership in the group is not modified. However, as with many preferences, you have action modifiers, which act as additional update options, as well. With these update modifiers, you could choose to delete all member users, delete all member groups, or perform both actions.

The Delete action deletes preferences if they exist. For example, you could use the Delete action to delete a specified network share from computers. Action modifiers allow you to perform other tasks as well, such as deleting all regular shares, all hidden non-administrative shares, all administrative drive-letter shares, or any combination thereof.

So that’s CRUD and that’s how it works. Next up, I’ll look at special preferences for Control Panel. Then I’ll look at how you apply options common to all preference items.

William R. Stanek

williamstanek at aol dot com

Twitter at williamstanek