How to use Group Policy Modeling
Published December 30, 2023 by Danny Moran
Table of Contents
Introduction
Learn how to use Group Policy Modeling to simulate which policies will be applied to users and computers. In this example, I show you how to use the Group Policy Modeling Wizard to create a model which will show exactly which group policies and settings will be applied to users and computers.
Video
Create a Group Policy Model
Open the Group Policy Management Console.
Note: You can run
gpmc.msc
to open the management console.Expand the forest and select Group Policy Modeling.
Right-click Group Policy Modeling and select Group Policy Modeling Wizard.
Select Next to skip the welcome slide.
Select a domain controller you want to run the wizard on and select Next.
Note: If you have recently made changes to the group policy objects, select the domain controller you were connected to as you may get incorrect results if the wizard is run before the group policies are replicated to the other domain controllers.
Under User information, select User and then select Browse and then enter the username of the user account you want to run the simulation for.
Note: You can run this wizard against organisational units by selecting container, and then select browse and then select the organisational unit that you want to run the simulation for.
Under Computer information, select Computer and then select Browse and then enter the username of the user account you want to run the simulation for.
Note: You can run this wizard against organisational units by selecting container, and then select browse and then select the organisational unit that you want to run the simulation for.
Once you have selected the user object and computer object you want to run the simulation for, select Next.
Note: You can tick the box to skip the reset of the wizard and use the default settings for the wizard. I recommend running through the full wizard at least once so you can see the options available and what the default settings are set to.
For the Advanced Simulation Options, you can simulate;
- Slow network connections (for example, a dial-up connection)
- Loopback processing (either in Replace mode, or Merge mode)
- Which Active Directory site the user or computer is part of.
Select the options you want, or you can leave these settings blank and press Next.
For the Alternate Active Directory Paths, you can simulate what will happen if the user object or computer object is moved to a different Active Directory organisational unit. By default, this will be filled in with the Distinguished Names or the organisational unit the current user object and computer object is contained within.
If you want to change this path, select Browse and then select the organisational unit you want to simulate.
Select the options you want, or you can leave these settings as default and press Next.
For the User Security Groups, you can simulate what will happen if you change what security groups the user account is a member of. By default, this will automatically populate with the selected users group membership. You can add or remove any groups the user is a member of to simulate what will happen when the group membership changes.
Select the options you want, or you can leave these settings as default and press Next.
Note: This doesn’t update the live Active Directory group membership, this just simulates what will happen. No changes will be made to the user account group membership by adding or removing groups within this wizard.
For the Computer Security Groups, you can simulate what will happen if you change what security groups the computer account is a member of. By default, this will automatically populate with the selected computers group membership. You can add or remove any groups the computer account is a member of to simulate what will happen when the group membership changes.
Select the options you want, or you can leave these settings as default and press Next.
Note: This doesn’t update the live Active Directory group membership, this just simulates what will happen. No changes will be made to the computer account group membership by adding or removing groups within this wizard.
For the Summary of Selections, this will cover what the simulation is going to cover. If you are happy with the settings, select Next to create and start the simulation.
Once the simulation has finished, select Finish to close the simulaton wizard.
The simulation results should automatically open, however, if they don’t, expand Group Policy Modeling, and your newly created simulation should appear.
Select the simulation, and then you can view the Summary, Details, and Query by selecting the corresponding tab in the navigation bar.
Additional Information
Multiple models can be stored within Group Policy at once. You can right-click Group Policy Modeling and select Group Policy Modeling Wizard to create a new simulation, and the new simulations will appear next to the existing ones.
You can re-run an existing simulation to update the contents by right-clicking the simulation and then pressing Rerun Query.