Wednesday 15 November 2017

Deploying Powershell Scripts with Group Policy

I have written quite a few Powershell tools for Skype for Business and some of these might be tools that people want to use on a regular basis across their Front End servers. People may want to deploy so that others within the administrative team can also use them in a simple and centrally managed way. So I thought I would write a blog post that explains a simple way to centrally deploy scripts out to multiple servers so they are easily accessible to yourself and other team members.
The method described below uses Active Directory Group Policy to control the deployment Powershell scripts across a number of Skype for Business Front End servers.

Step 1: Create a central file share where you will be storing the script files that you would like to have available on your Front End servers. In this case I created a folder named Scripts where I placed a Powershell script.

Step 2: Share the folder (Right Click on Folder-> Properties -> Sharing Tab -> Sharing…). In this case I have given Read access to everyone.

Step 3: In Active Directory Users and Computers create an OU for your Skype for Business servers. In this case I have created an OU called SfBServers and have moved all of the Skype for Business Front Ends Computer Objects to this OU.

Step 4: Open Active Directory Group Policy Management (gpmc.msc) and Right Click the SfBServers OU and “Create a GPO in this domain, and Link it here…”.

Step 5: Give the New GPO a name. In this case I have called the GPO “PowershellScripts”.

Step 6: Right Click the PowershellScripts GPO and select “Edit…”.

Step 7: Open Computer Configuration -> Preferences -> Windows Settings, Right Click Shortcuts and select New -> Shortcut.

Step 8: Fill in the shortcut properties as described below.

Action: Update
Name: VVX Manager
Target type: File System Object
Location: All Users Desktop
Target path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Arguments: -WindowStyle Hidden -nologo -executionpolicy bypass -command "& \\ServerHostName\Scripts\Skype4B-Lync-PolycomVVXManager2.21.ps1"
Icon file path: %SystemRoot%\system32\SHELL32.dll
Icon index: 24

Powershell Arguments Breakdown:
-WindowStyle: This argument is being used to supress the Powershell window from being displayed when the script is run. I am using this deliberately because the script I am using this for has its own Windows Forms GUI that will be displayed and the Powershell window is not required. This will give the script the feeling of being more like an application.
-NoLogo: Tells the Powershell window to not show the Copyright banner - to make it that little bit quicker (or maybe not… but you never know…).
-ExecutionpPolicy: This is set to “bypass” in order to avoid the Windows server execution policy defaults that may block the script from running on the server.
-Command: Specifies the command text to execute as though it were typed at the PowerShell command prompt. In this case we are selecting to open the script file from the share that we created in Steps 1-2. You can also include any arguments for the script here if they are required.

For the Icon selection, when you click the ellipse you will get an Icon picker with  many icons to choose from. Choose the one that makes most sense for the script you are using.

Step 9: Now on the Front End server run “gpupdate /force” to get the new Group Policy pushed down to the server:

You should now get a new shortcut on the Desktop of the server that matches the one that you made in Group Policy. When you double click it you will see a command window for a second (if you chose the Window Style as Hidden like in this example) and then the Powershell GUI will be displayed:

It’s that easy! Now you can package your favourite scripts and centrally manage the version used by all users across all your servers.

The Wrap Up

I hope you found this post useful and that it allows you a better experience in using and managing your favourite Powershell scripts on your servers. Enjoy!

Read more →

Popular Posts