DomainManagement

1.0.22

internal/functions/groupPolicy/Install-GroupPolicy.ps1

                                function Install-GroupPolicy

{

    <#

    .SYNOPSIS

        Uses PowerShell remoting to install a GPO into the target domain.

    .DESCRIPTION

        Uses PowerShell remoting to install a GPO into the target domain.

        Installation does not support using a Migration Table.

        Overwrites an existing GPO, if one with the same name exists.

        Also includes a tracking file to detect drift and when an update becomes necessary.

    .PARAMETER Session

        The PowerShell remoting session to the domain controller on which to import the GPO.

    .PARAMETER Configuration

        The configuration object representing the desired state for the GPO

    .PARAMETER WorkingDirectory

        The folder on the target machine where GPO-related working files are stored.

        Everything inside this folder is subject to deletion.

    .EXAMPLE

        PS C:\> Install-GroupPolicy -Session $session -Configuration $testItem.Configuration -WorkingDirectory $gpoRemotePath -ErrorAction Stop

        Installs the specified group policy on the remote system connected to via $session.

    #>

    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseShouldProcessForStateChangingFunctions", "")]

    [CmdletBinding()]

    Param (

        [System.Management.Automation.Runspaces.PSSession]

        $Session,

        [PSObject]

        $Configuration,

        [string]

        $WorkingDirectory

    )

    begin

    {

        $timestamp = (Get-Date).AddMinutes(-5)

        $stopDefault = @{

            Target = $Configuration

            Cmdlet = $PSCmdlet

            EnableException = $true

        }

    }

    process

    {

        Write-PSFMessage -Level Debug -String 'Install-GroupPolicy.CopyingFiles' -StringValues $Configuration.DisplayName -Target $Configuration

        try { Copy-Item -Path $Configuration.Path -Destination $WorkingDirectory -Recurse -ToSession $Session -ErrorAction Stop -Force }

        catch { Stop-PSFFunction @stopDefault -String 'Install-GroupPolicy.CopyingFiles.Failed' -StringValues $Configuration.DisplayName -ErrorRecord $_ }

        Write-PSFMessage -Level Debug -String 'Install-GroupPolicy.ImportingConfiguration' -StringValues $Configuration.DisplayName -Target $Configuration

        try {

            Invoke-Command -Session $session -ArgumentList $Configuration, $WorkingDirectory -ScriptBlock {

                param (

                    $Configuration,

                    $WorkingDirectory

                )

                try {

                    $domain = Get-ADDomain -Server localhost

                    $paramImportGPO = @{

                        Domain           = $domain.DNSRoot

                        Server           = $env:COMPUTERNAME

                        BackupGpoName  = $Configuration.DisplayName

                        TargetName     = $Configuration.DisplayName

                        Path           = $WorkingDirectory

                        CreateIfNeeded = $true

                        ErrorAction    = 'Stop'

                    }

                    $null = Import-GPO @paramImportGPO

                }

                catch { throw }

            } -ErrorAction Stop

        }

        catch { Stop-PSFFunction @stopDefault -String 'Install-GroupPolicy.ImportingConfiguration.Failed' -StringValues $Configuration.DisplayName -ErrorRecord $_ }

        Write-PSFMessage -Level Debug -String 'Install-GroupPolicy.ReadingADObject' -StringValues $Configuration.DisplayName -Target $Configuration

        try {

            $policyObject = Invoke-Command -Session $session -ArgumentList $Configuration -ScriptBlock {

                param ($Configuration)

                Get-ADObject -Server localhost -LDAPFilter "(&(objectCategory=groupPolicyContainer)(DisplayName=$($Configuration.DisplayName)))" -Properties Modified, gPCFileSysPath -ErrorAction Stop

            } -ErrorAction Stop

        }

        catch { Stop-PSFFunction @stopDefault -String 'Install-GroupPolicy.ReadingADObject.Failed.Error' -StringValues $Configuration.DisplayName -ErrorRecord $_ }

        if (-not $policyObject) { Stop-PSFFunction @stopDefault -String 'Install-GroupPolicy.ReadingADObject.Failed.NoObject' -StringValues $Configuration.DisplayName }

        if ($policyObject.Modified -lt $timestamp) { Stop-PSFFunction @stopDefault -String 'Install-GroupPolicy.ReadingADObject.Failed.Timestamp' -StringValues $Configuration.DisplayName, $policyObject.Modified, $timestamp }

        Write-PSFMessage -Level Debug -String 'Install-GroupPolicy.UpdatingConfigurationFile' -StringValues $Configuration.DisplayName -Target $Configuration

        try {

            Invoke-Command -Session $session -ArgumentList $Configuration, $policyObject -ScriptBlock {

                param (

                    $Configuration,

                    $PolicyObject

                )

                $object = [PSCustomObject]@{

                    ExportID = $Configuration.ExportID

                    Timestamp = $PolicyObject.Modified

                }

                $object | Export-Clixml -Path "$($PolicyObject.gPCFileSysPath)\dm_config.xml" -Force -ErrorAction Stop

            } -ErrorAction Stop

        }

        catch { Stop-PSFFunction @stopDefault -String 'Install-GroupPolicy.UpdatingConfigurationFile.Failed' -StringValues $Configuration.DisplayName -ErrorRecord $_ }

        Write-PSFMessage -Level Debug -String 'Install-GroupPolicy.DeletingImportFiles' -StringValues $Configuration.DisplayName -Target $Configuration

        Invoke-Command -Session $session -ArgumentList $WorkingDirectory -ScriptBlock {

            param ($WorkingDirectory)

            Remove-Item -Path "$WorkingDirectory\*" -Recurse -Force -ErrorAction SilentlyContinue

        }

    }

}