Execute the AirWatch GPO Migration Tool

The bulk of this exercise will be completed from the SCCM Server, where we will utilize the AirWatch GPO Migration Tool to deploy our modified local policies to other devices.

We will now execute the GPO Migration script to to deploy our modified local policies to other devices via AirWatch.

The GPO Migration script has already been downloaded and included for you on the Desktop of your SCCM Server under the GPO Migration folder.  Outside of the lab, this script is available for download at https://code.vmware.com/samples.

1. Setup the GPO Migration PowerShell Script

  1. Click the File Explorer icon from the task bar.
  2. Click Documents.
  3. Click HOL.
  4. Click GPO Migration.
  5. Right-click the Migrate-GPO-AirWatch.ps1 file.
  6. Click Run with Powershell.

1.1. Note the LGPO.exe Requirement

  1. Notice that the PowerShell terminal outputs a warning stating that the LGPO.exe file is required.  LGPO.exe will be utilized to capture and package your local policies, so our first step will be to download the LGPO.exe from the provided link.
  2. The link to the Microsoft Security Compliance Toolkit is available in the output for easy reference.
  3. Click Close for the Windows PowerShell window.

For the purposes of this exercise, the LGPO.exe file has already been downloaded for you.  You will now move the LGPO.exe file into the project folder as you would need to do when downloading the tool to meet the dependency requirements.

2. Copy the LGPO.exe File to the GPO Tool Folder

NOTE - The LGPO.exe file is only available on the sccm-01a server!  If you are not connected to the sccm-01a server, please refer to the instructions at the beginning of the lab for how to connect and continue with these steps once you have connected!

  1. Click the File Explorer icon from the task bar.
  2. Click Documents.
  3. Click HOL.
  4. Click LGPO.
  5. Right-click the LGPO.exe file.
  6. Click Copy.

2.1. Paste the LGPO.exe file in the GPO Migration Folder

  1. Click the GPO Migration folder.
  2. Right-click within the folder and click Paste.

3. Execute the GPO Migration PowerShell Script After Setup

  1. Confirm that the LGPO.exe file exists in the GPO Migration folder now alongside Migrate-GPO-AirWatch.ps1.
  2. Right-click the Migrate-GPO-Airwatch.ps1 file.
  3. Click Run with PowerShell.

3.1. Confirm GPO Migration PowerShell Script Starts Successfully

Once the LGPO.exe file is included, the GPO Migration script will initialize and present the Task selection input for further use.  Confirm that you no longer see output prompting for the LGPO.exe file to be included in the folder and then continue to the next step.

4. Modify Local GPO Settings

Before proceeding, we will modify our local GPO so that we can capture and distribute these changes to other devices to confirm that our deploy was successful.

  1. Right-click the Windows icon.
  2. Click Run.

4.1. Launch Local Group Policy Editor

You will launch the Local Group Policy Editor to make the policy changes.

  1. Enter gpedit.msc.
  2. Click OK
  1. Click Computer Configuration.
  2. Click Administrative Templates.
  3. Click System.
  4. Click Power Management.
  5. Double-click the Select an Active Power Plan policy.

4.3. Select Active Power Plan

  1. Select Enabled.
  2. Select High Performance as the Active Power Plan.
  3. Click OK.

We will use this local GPO as a reference on our enrolled devices to ensure that our captured policies applied correctly.

5. Capture GPO Backups

  1. Return to the PowerShell Terminal by clicking PowerShell icon on the task bar.
  2. At the Task prompt, enter 2 and press ENTER.
  3. Confirm that the output shows that the local GPO was captured after task finishes.

6. View GPO Backups

From the PowerShell prompt, enter 1 and press ENTER to view the list of GPO backups.

6.1. Confirm Captured GPO Backup Displays

  1. Any captured or copied GPO backups placed in the expected directory (/GPO Backups) are displayed here.  Notice that the GPO backup you just took is available in this list.
  2. Click OK to close the window.

7. Using External GPO Backups

If you have previously captured GPO backups that you want to use with this tool, you can include these in the /GPO Backups folder of the root directory of the GPO Migration tool. Any GPO backups available in the /GPO Backups folder will display as selectable GPOs for Option 1 (Viewing GPOs) and option 3 (Uploading GPOs to AirWatch).

  1. Click the File Explorer icon from the task bar.
  2. Click Documents.
  3. Click HOL.
  4. Click Security GPO Backups.
  5. Select all of the folders within the Security GPO Backups folder and right-click.
  6. Click Copy.

7.2. Paste the Security GPO Backups in the GPO Backups folder

  1. Click GPO Migration.
  2. Click GPO Backups.
  3. Right-click within the GPO Backups folder.
  4. Click Paste to insert the Security GPO Backup folders that were previously copied.

7.3. View GPO Backups from the Tool

  1. Return to the PowerShell Terminal by clicking PowerShell icon on the task bar.
  2. At the Task prompt, enter 1 and press ENTER to view the list of available GPO Backups again.

7.4. Confirm the Security GPO Backups Are Listed

  1. Confirm that the 4 Security GPO Backups that were copied into the GPO Backups folder now display alongside the local GPO capture that was taken previously for a total of 5 GPO Backups.
  2. Click OK to close the dialog.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.