Execute the AirWatch GPO Migration Tool

The bulk of this exercise will be completed from the SCCM Server, where we will utilize the AirWatch GPO Migration Tool to deploy our modified local policies to other devices.

We will now execute the GPO Migration script to to deploy our modified local policies to other devices via AirWatch.

The GPO Migration script has already been downloaded and included for you on the Desktop of your SCCM Server under the GPO Migration folder.  Outside of the lab, this script is available for download at https://code.vmware.com/samples.

1. Setup the GPO Migration PowerShell Script

  1. Click the File Explorer icon from the task bar.
  2. Click Desktop.
  3. Click GPO Migration.
  4. Right-click the Migrate-GPO-AirWatch.ps1 file.
  5. Click Run with Powershell.

1.1. Note the LGPO.exe Requirement

  1. Notice that the PowerShell terminal outputs a warning stating that the LGPO.exe is required.  LGPO.exe will be utilized to capture and package your local policies, so our first step will be to download the LGPO.exe from the provided link.
  2. Copy the link to the Microsoft Security Compliance Toolkit by highlighting the link and then right-clicking.
  3. Press Enter or click the Close button to exit the PowerShell window.

2. Download the Microsoft Security Compliance Toolkit

  1. Click the Google Chrome icon from the task bar.
  2. Click the Setting button.
  3. Click New Tab.
  4. Right-click the Navigation bar.
  5. Click Paste and go.

2.1. Download the Microsoft Security Compliance Toolkit

  1. Scroll down to find the Microsoft Security Compliance Toolkit 1.0 download button.
  2. Click Download.

2.2. Download the LGPO.zip

  1. Click to select the LGPO.zip download.
  2. Click Next.

2.3. Open the LGPO.zip File Location

  1. Click the arrow on the LGPO.zip file from the download bar.
  2. Click Show in folder.

2.4. Extract the LGPO.zip Contents

  1. Click the LGPO.zip file.
  2. Click Extract All...

2.5. Choose File Extraction Destination

Click Browse...

2.6. Select the GPO Migration Folder from the Desktop

  1. Click the GPO Migration folder.
  2. Click OK.

2.7. Exact LGPO.zip to the GPO Migration folder

  1. Confirm that the extraction location is C:\Users\administrator.CORP\Desktop\GPO Migration.
  2. Enable the Show extracted files when complete option.
  3. Click Extract.

3. Execute the GPO Migration PowerShell Script After Setup

  1. Right-click the Mmigrate-GPO-Airwatch.ps1 file.
  2. Click Run with PowerShell.

3.1. Confirm GPO Migration PowerShell Script Starts Successfully

Once the LGPO.exe file is included, the GPO Migration script will initialize and present the Task selection input for further use.  Confirm that you no longer see output prompting for the LGPO.exe file to be included in the folder and then continue to the next step.

4. Modify Local GPO Settings

Before proceeding, we will modify our local GPO so that we can capture and distribute these changes to other devices to confirm that our deploy was successful.

  1. Right-click the Windows icon.
  2. Click Run.

4.1. Launch Local Group Policy Editor

To launch the Local Group Policy Editor, enter gpedit.msc and click OK.

  1. Click Computer Configuration.
  2. Click Administrative Templates.
  3. Click System.
  4. Click Power Management.
  5. Double-click the Select an Active Power Plan policy.

4.3. Select Active Power Plan

  1. Select Enabled.
  2. Select High Performance as the Active Power Plan.
  3. Click OK.

We will use this local GPO as a reference on our enrolled devices to ensure that our captured policies applied correctly.

5. Capture GPO Backups

  1. Return to the PowerShell Terminal by clicking PowerShell icon on the taskbar.
  2. At the Task prompt, enter 2 and press enter.
  3. Confirm that the output shows that the local GPO was captured after task finishes.

6. View GPO Backups

From the PowerShell prompt, enter 1 and press enter to view the list of GPO backups.

6.1. Confirm Captured GPO Backup Displays

  1. Any captured or copied GPO backups placed in the expected directory (/GPO Backups) are displayed.  Notice that the GPO backup we just took is available in this list.
  2. Click OK to close the window.

7. Using External GPO Backups

If you have previously captured GPO backups that you want to use with this tool, you can include these in the /GPO Backups folder of the tool directory. Any GPO backups available in the /GPO Backups folder will display as selectable GPOs for Option 1 (Viewing GPOs) and option 3 (Uploading GPOs to AirWatch).

  1. Click the File Explorer icon from the taskbar.
  2. Click Desktop.
  3. Click Security GPO Backups.
  4. Select all of the folders within the Security GPO Backups folder and right-click.
  5. Click Copy.

7.2. Paste the Security GPO Backups in the GPO Backups folder

  1. Click Desktop.
  2. Click GPO Migration.
  3. Click GPO Backups.
  4. Right-click within the GPO Backups folder.
  5. Click Paste to insert the Security GPO Backup folders that were previously copied.

7.3. View GPO Backups from the Tool

  1. Return to the PowerShell Terminal by clicking PowerShell icon on the taskbar.
  2. At the Task prompt, enter 1 and press enter to view the GPO Backups again.

7.4. Confirm the Security GPO Backups Are Listed

  1. Confirm that the 4 Security GPO Backups that were copied into the GPO Backups folder now display alongside the local GPO capture that was taken previously for a total of 5 GPO Backups.
  2. Click OK to close the dialog.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.