#requires -version 2.0 Function Set-GPOStatus { <# .Synopsis Set the status of a Group Policy Object .Description This command use the Group Policy module from Microsoft to update the status of a Group Policy Object (GPO). You can set the status to enable or disable nodes. This command uses switches to turn settings on or off. You can enable or disable all settings, or disable the user or computer nodes. The change is immediate. You can manually set the GPOStatus property of a Group Policy object, but you have to know the correct values to use and the change is direct. This command supports -Whatif. The command will not write anything to the pipeline unless you use -Passthru. .Example PS C:\> get-gpo MyGPO | Set-GPO -EnableAll .Example PS C:\> Set-GPO MyGPO -EnableAll -domain MyCo.local -whatif .Link Get-GPO .Inputs String or a Group Policy object .Outputs None or a Group Policy object if you use -Passthru .Notes Version : 1.0 Last Updated: 02/13/2013 Author : Jeffery Hicks (@JeffHicks) Read PowerShell: Managing Active Directory with PowerShell: TFM 2nd Ed. Learn Windows PowerShell 3 in a Month of Lunches Learn PowerShell Toolmaking in a Month of Lunches PowerShell in Depth: An Administrator's Guide **************************************************************** * DO NOT USE IN A PRODUCTION ENVIRONMENT UNTIL YOU HAVE TESTED * * THOROUGHLY IN A LAB ENVIRONMENT. USE AT YOUR OWN RISK. IF * * YOU DO NOT UNDERSTAND WHAT THIS SCRIPT DOES OR HOW IT WORKS, * * DO NOT USE IT OUTSIDE OF A SECURE, TEST SETTING. * **************************************************************** #> [cmdletbinding(SupportsShouldProcess)] Param( [Parameter(Position=0,Mandatory=$True,HelpMessage="Enter the name of a GPO", ValueFromPipeline,ValueFromPipelinebyPropertyName)] [Alias("name")] [ValidateNotNullorEmpty()] [Parameter(ParameterSetName="EnableAll")] [Parameter(ParameterSetName="DisableAll")] [Parameter(ParameterSetName="DisableUser")] [Parameter(ParameterSetName="DisableComputer")] [object]$DisplayName, [Parameter(ParameterSetName="EnableAll")] [Parameter(ParameterSetName="DisableAll")] [Parameter(ParameterSetName="DisableUser")] [Parameter(ParameterSetName="DisableComputer")] [string]$Domain, [Parameter(ParameterSetName="EnableAll")] [Parameter(ParameterSetName="DisableAll")] [Parameter(ParameterSetName="DisableUser")] [Parameter(ParameterSetName="DisableComputer")] [string]$Server, [Parameter(ParameterSetName="EnableAll")] [switch]$EnableAll, [Parameter(ParameterSetName="DisableAll")] [switch]$DisableAll, [Parameter(ParameterSetName="DisableUser")] [switch]$DisableUser, [Parameter(ParameterSetName="DisableComputer")] [switch]$DisableComputer, [Parameter(ParameterSetName="EnableAll")] [Parameter(ParameterSetName="DisableAll")] [Parameter(ParameterSetName="DisableUser")] [Parameter(ParameterSetName="DisableComputer")] [switch]$Passthru ) Begin { Write-Verbose -Message "Starting $($MyInvocation.Mycommand)" #define a hashtable we can for splatting $paramhash=@{ErrorAction="Stop"} if ($domain) { $paramhash.Add("Domain",$Domain) } if ($server) { $paramhash.Add("Server",$Server) } } #begin Process { #define appropriate GPO setting value depending on parameter Switch ($PSCmdlet.ParameterSetName) { "EnableAll" { $status = "AllSettingsEnabled" } "DisableAll" { $status = "AllSettingsDisabled" } "DisableUser" { $status = "UserSettingsEnabled" } "DisableComputer" { $status = "ComputerSettingsEnabled" } default { Write-Warning "You didn't specify a GPO setting. No changes will be made." Return } } #if GPO is a string, get it with Get-GPO if ($Displayname -is [string]) { $paramhash.Add("name",$DisplayName) Write-Verbose "Retrieving Group Policy Object" Try { write-verbose "Using Parameter hash $($paramhash | out-string)" $gpo=Get-GPO @paramhash } Catch { Write-Warning "Failed to find a GPO called $displayname" Return } } else { $paramhash.Add("GUID",$DisplayName.id) $gpo = $DisplayName } #set the GPOStatus property on the GPO object to the correct value. The change is immediate. Write-Verbose "Setting GPO $($gpo.displayname) status to $status" if ($PSCmdlet.ShouldProcess("$($gpo.Displayname) : $status ")) { $gpo.gpostatus=$status if ($passthru) { #refresh the GPO Object write-verbose "Using Parameter hash $($paramhash | out-string)" get-gpo @paramhash } } #should process } #process End { Write-Verbose -Message "Ending $($MyInvocation.Mycommand)" } #end } #end Set-GPOStatus