Hi. I got a script that creates OU structure and creates all the groups when we set up new environments.
I was hoping I could expand this script to also automate GPO creation. However I've encountered an issue with setting a GPO group's permission for 'Apply Group Policy' to 'Deny'. The documentation for the Powershell GPO module (GPO cmdlet) doesn't seem to offer this option:
-PermissionLevel <GPPermisssionType>
Specifies the permission level to set for the security principal. The valid permission levels are: GpoRead, GpoApply, GpoEdit, GpoEditDeleteModifySecurity or None.
Found here: http://technet.microsoft.com/en-us/library/ee461038.aspx
Found a similar thread regarding this issue:
http://social.technet.microsoft.com/Forums/hu/winserverGP/thread/e73ac37d-ef01-40c9-8708-ba37012be075
Does anyone know if there's a way to set permission to Deny using powershell or know anything related to this issue? A confirmation that it isn't possible and/or info when it will become available in future update would also be great.