Using Group Policies, you can automatically copy specific files or folders to all domain computers. You can place files to the Desktop, a user profile folder or any other directory on a local drive. Using GPO, you can automatically copy or update different configuration files, INI files, EXE files, DLL libraries or scripts from a shared repository.
For example, I want to copy two files (app.exe
and settings.xml
) to the desktops of some Active Directory domain users.
First of all, create a shared folder to keep source files to be copied to user computers. It may be a shared network folder on a dedicated file server or the SYSVOL directory on a domain controller (this folder is automatically replicated between all DCs in the domain using DFS, it is convenient to use it since it helps to reduce the load on the WAN links). I have placed the files to the Sysvol folder: \\itspyworld.com\SYSVOL\itspyworld.com\scripts\CorpApp
. Make sure that the Authenticated Users group has read permissions on this folder.
- Create a new Active Directory security group – CorpAPPUsers. You can create a group using this PowerShell cmdlet:
New-ADGroup CorpAPPUsers -path 'OU=Groups,OU=DE,dc=itspyworld,DC=com' -GroupScope Global -PassThru –Verbose
Add users to the group to whose desktop you want to automatically copy files through the GPO:Add-AdGroupMember -Identity CorpAPPUsers -Members asmith, bmuller, tweber
- Open the Group Policy Management console (
gpmc.msc
); - Create a new GPO object (CopyCorpApp) and link it to the OU that contains users’ computers;
- Go the GPO edit mode (
Edit
); - Expand the following Group Policy Preferences section: User Configuration –> Preferences -> Windows Settings -> Files;If you want to copy files on all computers, it is better to use a similar policy in the Computer Configuration section of GPO.
- Select New –> File;
- Specify a source file in the shared network folder and the target directory on a computer you want to copy the file to.You can select the specific file here or copy all files from the directory at once by putting
*
. - 4 actions are available for copying files using GPO:
Create – a file is copied to a target directory only if the file doesn’t exist in it;
Replace – a target file on a user computer is always replaced by a source file;
Update (a default policy) – if a file already exists, it is not replaced with the source file;
Delete – delete the target file. - You can choose a specific folder on a computer as a target directory or use environment variables. To copy files to the current user Desktop, use
%DesktopDir%
- To copy files to the desktops of the specific users, open the Common tab in the policy settings, enable the Item-Level Targeting option and click Targeting;
- In the next window, you can select more options of how to apply the GPO. In my case, I would like to restrict the policy to CorpAPPUsers group members only. To do it, click New Item -> Security Group and select a domain user group;
- Since we have linked the GPO to the Organizational Unit containing computers (instead of users), GPO loopback processing mode must be enabled: check Configure user Group Policy loopback processing mode = Merge in Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy;
- Then update Group Policy settings on client computers (
gpupdate /force
or log off and log on again) and make sure that two files have automatically been copied to the Desktop.
Using this method, you can copy scripts, executable application files or system tools (PsTools, iperf, Portqry, etc.) to user computers. You can copy a file to Program Files and place a shortcut for it on the Desktop using GPO.
I would like to tell a couple of words about copying folders using GPO. GPO doesn’t have a built-in features to copy folder with all its contents. Instead of it, you can use Computer (User) Configuration –> Preferences -> Windows Settings -> Folders policy that allows you to create a folder on a target computer. Then use the scenario described above to copy files to it.
0 Comments