Ensuring custom GPO packs are copied to linked deployment shares

It’s been a surprisingly common question in the past few weeks – how come MDT doesn’t copy custom GPO packs to linked deployment shares?  Well, it’s been like that since support for GPO packs was added to MDT 2012 Update 1.

The simple scenario:  Someone has created a custom security template using the Security Compliance Manager and exported that as a local GPO pack.  They then copied that GPO pack into an MDT deployment share, under the “Templates\GPOPacks” folder and added a step to one or more task sequences to apply that GPO pack.  And everything works fine – until they set up linked deployment shares or media.  In those situations, they find that the extra GPO pack isn’t copied to the other deployment shares.

So why does this happen?  MDT knows to replicate certain folders to linked deployment shares and media.  (Really media is just another linked deployment share from a behavior perspective.)  And the “Templates\GPOPacks” folder isn’t included in that list of folders.

Fortunately, MDT does include a mechanism for adding folders to the list, a feature added just in case there was ever a need to do something like this.  See https://blogs.technet.com/b/mniehaus/archive/2009/10/01/mdt-2010-new-feature-21-copying-extra-folders.aspx for details.  I still don’t think it’s in the documentation, and it’s definitely not in the UI.  So you need to use PowerShell to configure it.

The process for doing that has changed a little since 2009, only because we now use a PowerShell 2.0 module.  So you would want to execute commands like so:

Import-Module 'C:\Program Files\Microsoft Deployment Toolkit\Bin\MicrosoftDeploymentToolkit.psd1'
Restore-MDTPersistentDrive
Set-ItemProperty -Path 'DS001:\Linked Deployment Shares\LINKED001' -Name ExtraFolders -Value @(“Templates\GPOPacks”)
Set-ItemProperty -Path 'DS001:\Media\MEDIA001' -Name ExtraFolders -Value @(“Templates\GPOPacks”)

These commands assume you only have one “main” deployment share (which becomes DS001: when the Restore-MDTPersistentDrive cmdlet runs), one linked deployment share (which has a logical name of “LINKED001”), and one media definition (which is “MEDIA001”).  You might need to adjust the values if you have more deployment shares or different objects.  (You can see the logical IDs in Workbench.)

After executing the command to add the extra folder, the next time you update or replicate the content, the custom GPO packs will be copied.

Comments

  • Anonymous
    October 20, 2013
    It appears the GPO templates are missing from MDT 2013?  At least the folders don't exist under the Templates folder...?

  • Anonymous
    March 10, 2015
    Old article, but still great advice. I am using MDT 2013 with ADK 8.1 and this still is needed.

    Only suggestion I would recommend is to change the command "Restore-MDTPersistentDrive" to "Restore-MDTPersistentDrive | Format-List"

    Reason for this is I have multiple Deployment Shares and they all start with a similar naming convention (DS_). So when the command is ran without "| Format-List"; the "Root" (path) does not show all the information.

    Adding the Format-List makes the output very easy to read and determine which DS is the one you would want for the next command.

  • Anonymous
    July 14, 2015
    Military Millionaire Review: Military Millionaire software was created by famous forex guru Stan and it was established to make the task of binary options trading easier. Stan has been improving the software so that it can provide the highest success rate for inbound pupils of the software program. Baseding on Stan "the software application is boasting a success proportion that is unmatched in comparison to any other tool on the market, and it's all thanks to the exclusive formula behind my advanced software application

    Read our full Military Millionaire Review:


    http://eriecdp.org/military-millionaire-review-does-the-software-work/