A quick story to a perfect reason as to why I started a home lab. Although it is not quite what I want, it gets the job done. As it stands I currently do not have a job in I.T. I have always played around for years with different technologies and programming languages but never professionally held a job due to my path in the Military. In my current role I am within ear shot of others who are in I.T. One who is a contractor, the other two being active duty. I take pride in the days I understand what they are saying or the days that I provide some form of input on a problem they are running into.
A few days ago we all received a email from the base I.T squadron. In this email it was instructions on how to update group policy immediately. Pictures showing CMD and how to input the command gpupdate /force. I immediately thought to myself what can I do to replicate this scenario at home? How can I provide a different solution? The home lab allows me to learn. I currently only have a server with a few VM’s, one of which being Windows Server. That night I went home and hopped into the VM and played around.
I started with the idea of running a login script under a GPO.
Doing this I then learned that Powershell ISE is super convenient. Allowing me to create a script and run it in the same application. The script was super simple so not necessary. Saving the file in notepad with .ps1 extension is what I used at first. Doing this I also played around with creating a new OU. After doing so and adding a user to the new OU I also created a new Group Policy. To my understanding a safe practice is to not alter the default GP, which makes sense to me. Creating a GP for the new changes will only make it easier to manage later on.
After doing all that I went ahead and booted up my Windows 10 VM with a GP hiding all drives. This was to show me that the login script was working. I would then unhide the drives, turn off the script and log back in to see the difference. I then started doing more research and realized this:
In other words there does not seem to be a need for a login script for gpupdate. With some more playing around I also learned that remotely from the domain controller I can just execute a command using powershell. This would be particulary useful in a helpdesk situation. For instance the other day a member from the office could not get a particular application to work. To execute a powershell session with the computer you can just do something like this:
Or if we wanted to execute a script remotely we can do something like this:
I did have some troubles executing a gpupdate /force script. It seemed to run everytime but would only refresh upon logging off/on. When I have some more time I would like to find a defintivie solution to forcing a gpUpdate remotely.
The purpose of this discussion was to highlight why I love having a virtual environment, a Home Lab. I can learn whatever I want. I can break and fix anything without having to worry. Overtime I hope to grow this lab into something so much more. I plan to also do a instructional post soon and video regarding how I setup a Minecraft Server on Ubuntu within my Lab. This little project has also helped me learn so much. As always, Never Stop Learning.