version control for Group Policy
It would be nice if there was a supported way to use version control tools (i.e. GIT, SVN, etc.) to manage various versions of Active Directory Group Policies.
I'm aware of AGPM but that's available as a part of the MDOP. If there was a supported way to version control GPOs using the industry standard tools, then that would open up so many additional automation possibilities for customers regardless of whether they have AGPM deployed or not. For example it could open up a possibility to maintain GPOs through CI\CD tools, like VSTS (pretty much like DSC configurations) and do things, like:
- Trigger custom GPO scanning routines on best practices\security requirements automatically, before approving certain changes (i.e. running Pester like tests against a GPO)
- Trigger custom testing of the GPO against some test machines
- Keep a history behind every setting in the GPO with all the associated discussions
- Integrate GPO deployment approval process into other tools that enterprises may have
That could be very helpful for environments where there's a need to make a lot of changes to the GPOs (say, in scope of the Security Hardening project).
Howdy - this is already a feature offered by Microsoft, through the Advanced Group Policy Management tool. Take a look here: