Overview

This guide will walk you through automating the process of forcing a Group Policy update on a target system using PowerShell and SCCM. Group Policy is a crucial component of Windows environments, allowing IT administrators to manage and configure operating systems, applications, and users’ settings in an Active Directory environment. The provided script helps streamline the process by packaging a PowerShell script into SCCM for easy distribution across multiple systems.

What the Script Does

This PowerShell script performs several key tasks:

  • Defines Variables: The script begins by defining variables, such as the script name, description, and the path where the script will be stored.
  • Loads SCCM PowerShell Module: It loads the SCCM PowerShell module required to interact with SCCM, setting the context to your SCCM site code.
  • Checks for Existing Packages: The script checks if an SCCM package with the specified name already exists. If found, it deletes the existing package to avoid conflicts.
  • Creates the Package Source Directory: If the specified directory for the script doesn’t exist, it creates it.
  • Generates the PowerShell Script: The script writes the actual command to force a Group Policy update (gpupdate /force) into a new PowerShell script file.
  • Creates the SCCM Package: The script creates a new SCCM package that includes the PowerShell script, specifying the package’s name, description, and source path.
  • Creates a Program for the Package: It then defines a program within the package, specifying the command line to execute the PowerShell script.
  • Distributes the Package: Finally, the script distributes the package to the specified distribution point in SCCM, making it ready for deployment across target systems.

This automation ensures that the Group Policy settings are immediately applied to the target systems, which is especially useful in environments where policy updates need to be enforced quickly.

PowerShell Script

# Define Variables
$ScriptName = "Force-Group-Policy-Update"
$ScriptDescription = "Forces an immediate update of Group Policy on the target system."
$PackageSourcePath = "C:\Scripts\$ScriptName"

# Load SCCM PowerShell Module
Import-Module "$($Env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1" -Force
$SiteCode = "YourSiteCode"
cd "$SiteCode`:"

# Check if a package with the same name exists and delete it
$ExistingPackages = Get-CMPackage -Name $ScriptName -ErrorAction SilentlyContinue
if ($ExistingPackages) {
    foreach ($Package in $ExistingPackages) {
        Remove-CMPackage -Id $Package.PackageID -Force
    }
}

# Create the Package Source Directory if it does not exist
if (!(Test-Path -Path $PackageSourcePath)) {
    New-Item -ItemType Directory -Path $PackageSourcePath -Force
}

# Create the PowerShell script
$ScriptContent = @'
gpupdate /force
'@

$ScriptPath = "$PackageSourcePath\$ScriptName.ps1"
Set-Content -Path $ScriptPath -Value $ScriptContent

# Create the SCCM Package
$Package = New-CMPackage `
    -Name $ScriptName `
    -Description $ScriptDescription `
    -Path $PackageSourcePath

# Create a Program for the Package
$Program = New-CMProgram `
    -PackageName $ScriptName `
    -StandardProgramName $ScriptName `
    -CommandLine "powershell.exe -ExecutionPolicy Bypass -File $ScriptPath" `
    -ProgramRunType "WhetherOrNotUserIsLoggedOn"

# Distribute the Package to the Distribution Point but do not deploy
Start-CMContentDistribution `
    -PackageName $ScriptName `
    -DistributionPointName "YourDistributionPointName"

Instructions

  1. Set Variables: Customize the $ScriptName, $ScriptDescription, $PackageSourcePath, and other variable values according to your environment.
  2. Load SCCM PowerShell Module: Ensure the SCCM PowerShell module is correctly loaded and the site code is set.
  3. Check for Existing Packages: The script will check if a package with the same name already exists and remove it if necessary.
  4. Create Directory: If the directory for storing the script does not exist, it will be created automatically.
  5. Generate the PowerShell Script: The script content (gpupdate /force) will be saved to a file in the specified directory.
  6. Create SCCM Package and Program: The script will create a new SCCM package and program, which can be used to distribute and execute the PowerShell script.
  7. Distribute the Package: The package will be distributed to the specified Distribution Point, making it ready for deployment across target systems.

Tags:

#GroupPolicy #PowerShell #SCCM #Automation #ITAdmin