I am trying to use the GroupPolicy PowerShell module to manipulate and read local group policy settings on a standalone Windows 2012R2 server.
When I try to execute the Get-GPOReport cmdlet:
Get-GPOReport -All -ReportType Xml
I get the following error:
Get-GPOReport : Current security context is not associated with an
Active Directory domain or forest. At line:1 char:1
+ Get-GPOReport -ReportType Xml -all
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-GPOReport], ActiveDirectoryOperationException
+ FullyQualifiedErrorId : System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException,Microsoft.GroupPolicy.Commands.GetGpoReportCommand
I've also tried specifying my server name as well:
Get-GPOReport -ReportType Xml -all -server devserver01
But I get the same error.
I am logged in as Administrator on this server whilst running these commands. I also have the Group Policy Management Console installed which is a pre-requisite.
The error message:
Current security context is not associated with an Active Directory domain or forest.
Suggests I should be logged in as a Domain user, but as I mentioned this is a standalone server that is not part of an AD domain.
Is it not possible to use the GroupPolicy module cmdlets on a standalone server?
Best Answer
Group Policymay seem synonymous withLocal Security Policyand often in IT we talk this way. Similar to saying Kleenex for any tissue.Unfortunately, it's a little off. When Microsoft refers to
Group Policy Objectsthey mean just that...a group setting or a setting that could be applied to a group of objects.So when Technet refers to GPOs, they mean it in the context of a domain, and not a single local security policy.
So unfortunately, NO you won't be able to use the GPO cmdlets on a standalone server.