I’m sitting in O’Hare enjoying my 3 hour layover as I get
ready to teach a Windows 10 class in Fort Wayne. I’m actually prepping for my class in Fort
Wayne in a few weeks, 10982 Supporting and Troubleshooting Windows 10. This class is very much like the Windows 7
version that I used to teach so I decided to up the detail quite a bit. In the GPO troubleshootin chapter, I’m
including a demonstration on how to use PowerShell’s Invoke-GPUpdate. I needed to make sure the environment is set
up for me to be able to utilize this cmdlet.
If you read the Notes section on Invoke-GPUpdate’s help file, you will
see there are three firwall rules that need to be in place:
- Remote Scheduled Tasks Management (RPC)
- Remote Scheduled Tasks Management (RPC-ERMAP)
- Windows Management Instrumentation (WMI-IN)
I decided to create a little PowerShell script to create
this GPO and link it up to the domain.
Here are the steps to create this GPO and link it to your
domain. My test domain is PowerIT.Com so you
will need to adjust the code for your domain.
New-GPO -Name
"AllowPowerShellGPUpdate" `
-Comment
"Sets the firewall rules to allow
Invoke-GPUpdate to work" `
-Verbose
# Create A GPO Session to reduce the load on the DC.
$GPO = Open-NetGPO
-PolicyStore PowerIT.com\AllowPowerShellGPUpdate
# Set the new firewall rules.
New-NetFirewallRule -DisplayName “Remote
Scheduled Tasks Management (RPC)” `
-Direction
Inbound `
–Protocol
TCP `
-Action
Allow `
-GPOSession
$GPO `
-Profile
Domain
New-NetFirewallRule -DisplayName “Remote
Scheduled Tasks Management (RPC-ERMAP)” `
-Direction
Inbound `
–Protocol
TCP `
-Action
Allow `
-GPOSession
$GPO `
-Profile
Domain
New-NetFirewallRule -DisplayName “Windows
Management Instrumentation (WMI-IN)” `
-Direction
Inbound `
–Protocol
TCP `
-Action
Allow `
-GPOSession
$GPO `
-Profile
Domain
# Commit the GPO settings
Save-NetGPO -GPOSession
$GPO
Comments