I was recently working with a customer who had a specific change control process around their Group Policy Objects (GPO). In order to fulfill their requirements, I created a GPO Configuration Item (CI) class in System Center 2012 Service Manager (SCSM). Then to make life easier, I created an Orchestrator Runbook to automatically populate the class with the GPOs from their environment. This blog post will show you how this works and how you can implement it in your environment. I have included a download that contains the management packs and runbook.

 

To begin, I created a management pack, using the Service Manager Authoring Tool. The management contains a custom Configuration Item Class, named Group Policy Objects, with the following properties.

 

Internal Name Name Data Type Key
ID ID string True
DomainName Domain Name string False
Owner Owner string False
GPOStatus GPO Status string False
Description Description string False
UserVersion User Version string False
ComputerVersion Computer Version string False
WMIFilter WMI Filter string False
CreationTime Creation Time datetime False
ModificationTime Modification Time datetime False

 

I then sealed and imported the management pack to Service Manager. Now that I had the class created it came time to populate it. Instead of doing a CSV import or adding the GPOs manually, I created an Orchestrator Runbook to automatically populate the data.

 

The runbook uses a PowerShell script to retrieve all of the Group Policy Objects in the domain. Then a second PowerShell script to return the details of each GPO. Next it formats the Creation Time and Modification Time to the SCSM datetime format (yyyy-MM-ddThh:mm:ss). Then it checks to see if the GPO is already in SCSM. If not it is added. If it is already present then the object is updated with the latest details.

 

image

 

As is, the runbook is designed to be run manually. However, you can create a schedule task or update it to use a Monitor Date/Time activity to schedule it to run periodically.

 

So how do you implement this in your environment? That is the easy part. Just download the zip file below. If contains the management pack (both sealed and unsealed), the runbook, and install instructions.

 

zip-128 SCSM GPO CI.zip