powershellgpodomaincontroller

Edit/Add GPO on DC via Powershell

I'm given the task to migrate all the printers installed on workstations via GPO to another server. As for now all printers are installed in a local decentralized Distribution Point, we want to move on a centralized Distribution Point/Print Server. On mine DC, via Group Policy Management Editor, I've a lot of printers in

Computer Configuration\Preferences\Control Panel Settings\Printers

All printers are mapped from \DP00x\Printer and given a local name.

What i want to change is the \DP00x to \CentralDP01\Printer in the GPO.

I've managed via powershell to create all printer ports, install all printers and publish/list in the directory all of them. Given that they are more than 100, I wish to automate the process to edit the GPO editing, so that i don't need to open each policy and each printer to modify the destination.

I've tried the cmdlet Get-GPRegistryValue because I know (at least) that printers are installed on HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers

but i get this error every time:

Get-GPRegistryValue : The following Group Policy registry setting was not found: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers".
Parameter name: keyPath
At line:1 char:1
+ Get-GPRegistryValue -Guid 6b464ed9-66c8-47fa-8327-1fe9b074a0d7 -Key H...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (Microsoft.Group...tryValueCommand:GetGPRegistryValueCommand) [Get-GPRegistryValue], ArgumentException
    + FullyQualifiedErrorId : UnableToRetrievePolicyRegistryItem,Microsoft.GroupPolicy.Commands.GetGPRegistryValueCommand

I tried as well Get-GPPrefRegistryValue

Get-GPPrefRegistryValue -Context Computer -Guid 6b464ed9-66c8-47fa-8327-1fe9b074a0d7 -Key HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers

But error looks the same:

Get-GPPrefRegistryValue : The Preference registry setting "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers" was not found in the 
"x-x-x-x-x-x" GPO in the x-x-x-x-x-x-x.com domain.
Parameter name: keyPath
At line:1 char:1
+ Get-GPPrefRegistryValue -Context Computer -Guid 6b464ed9-66c8-47fa-83 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (Microsoft.Group...tryValueCommand:GetGPPrefRegistryValueCommand) [Get-GPPrefRegistryValue], ArgumentException
    + FullyQualifiedErrorId : UnableToRetrievePreferenceRegistryItem,Microsoft.GroupPolicy.Commands.GetGPPrefRegistryValueCommand

I found a workaround. Backup the GPO, manually edit the XML with the new value and import back the GPO. I don't fancy the idea of manually editing because it can lead to errors and with over 100+ GPOs I can have alot of errors. Can anyone help me? Maybe i'm using the wrong commands, but so far documentations state to use GPO Module.

Solution

  • Unfortunately the GroupPolicy commands are limited to registry key settings only, and printer-preferences fall outside that. You can safely edit the live GPO xml files themselves though (or use Backup-GPO/Restore-GPO).

    If you're only replacing the server name, this should work fine. Try it on a test GPO, updating the path as needed:

    $guid = (Get-GPO -Name 'Test GPO')

# Check the GPO version before changes:
Get-GPO -guid $guid

$domain = 'domain.com'
$path = "\\$domain\SYSVOL\$domain\Policies\{$guid}\User\Preferences\Printers\Printers.xml"

# Update the path in the GPO xml:
(Get-Content $path -Raw) -replace 'DP00x','CentralDP01' | Set-Content $path

# Validate the GPO version/change date have updated - might take a while if xml is on a different DC:
Get-GPO -guid $guid