Method and system for implementing group policy operations
Abstract
A system and method for performing various operations on group policy objects, by manipulating group policy objects as a single entity to perform backup, restore, import and copy operations. The backup operation transfers the various subparts of a selected group policy object to a file system. A restore operation restores a backed-up group policy object to its domain, in the same state as when the backup was performed. An import operation transfers the settings within a backed-up source group policy object to a destination group policy object, erasing its previous settings. A copy operation transfers the settings from a source group policy object to a new group policy object. Copy and import operations can be cross-domain, and a migration table can be used to convert security group and UNC pathnames as appropriate for the destination domain. Backup management, rollback of incomplete operations, and support for application deployment are also provided.
33 Claims
1. In a computing environment, a method comprising:
- receiving a request to perform an operation to restore data based upon a first group policy object, the first group policy object including:
  - a globally unique identifier, settings of the first group policy object, discretionary access control lists and a first state including settings, the first group policy object being a backup on a file system;
- attempting to perform the operation to restore data to change a second group policy object having a second state to a state that includes at least some of the settings of the first group policy object, the operation including replacing settings in the second group policy object with the settings of the first group policy object, the attempting to perform the operation to restore data including restoring data to the second group policy object based on the backup;
- determining whether the data exists, and if not, whether the data can be reanimated;
- if the data is represented by a tombstone, then determining an age of the tombstone;
- if the age of the tombstone has not exceeded its lifetime, then reanimating and restoring the data;
- if the age of the tombstone has exceeded its lifetime, then recognizing that the data does not exist; and
- determining whether the attempted operation was successful, and if not, returning the second group policy object to the second state.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)

24. In a computing environment, a method comprising:
- receiving a request to migrate at least some data corresponding to a group policy object of a first domain to a group policy object of a second domain;
- determining whether the data exists, and if not, whether the data can be reanimated;
- if the data is represented by a tombstone, then determining an age of the tombstone;
- if the age of the tombstone has not exceeded its lifetime, then reanimating the data;
- if the age of the tombstone has exceeded its lifetime, then recognizing that the data does not exist;
- migrating the data, if it exists, to the second domain, the migrating including:
  - accessing migration information to convert at least some data relative to the first domain to corresponding data relative to the second domain;
  - the accessing migration information to convert including converting at least some security-related data relative to the first domain to security-related data relative to the second domain.

View Dependent Claims (25, 26, 27, 28)

29. In a computing environment, a method comprising:
- receiving a request to perform a copy operation based upon a first group policy object, the first group policy object having:
  - a globally unique identifier;
  - settings of the first group policy object;
  - discretionary access control lists; and
  - a first state, the first state comprising:
    - settings that apply to a group of users;
    - discretionary access control lists; and
    - a unique first identifier;
- determining whether data associated with the copy operation exists, and if not, whether the data can be reanimated;
- if the data is represented by a tombstone, then determining an age of the tombstone;
- if the age of the tombstone has not exceeded its lifetime, then reanimating the data;
- if the age of the tombstone has exceeded its lifetime, then recognizing that the data does not exist;
- if the data exists, creating a second group policy object with a unique second identifier; and
- copying the settings from the first group policy object to the second group policy object, without changing either the second unique identifier of the second group policy object or discretionary access control lists of the second group policy object, the copying of the settings including:
  - replacing settings in the second group policy object with the settings of the first group policy object; and
  - preserving a globally unique identifier of the second group policy object and discretionary access control lists of the second group policy object.

View Dependent Claims (30, 31, 32, 33)
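
A small model of the restore flow recited in claim 1 (tombstone age check, reanimation, rollback to the prior state), added here as an illustration and not taken from the patent or from any Group Policy implementation. The `GPO` class, `resolve`, `restore`, the dictionary standing in for the directory, the `{GUID-1}` placeholder and all sample values are assumptions.

```python
import copy
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class GPO:                      # hypothetical in-memory model, not a real directory object
    guid: str
    settings: dict
    dacl: list
    deleted_at: Optional[datetime] = None   # set => the object is a tombstone

def resolve(directory, guid, now, lifetime):
    """Return the usable GPO, reanimating a tombstone still within its lifetime."""
    gpo = directory.get(guid)
    if gpo is None or gpo.deleted_at is None:
        return gpo                          # live object, or no data at all
    if now - gpo.deleted_at > lifetime:
        return None                         # tombstone too old: data does not exist
    gpo.deleted_at = None                   # reanimate
    return gpo

def restore(directory, backup, now, lifetime, write=dict.__setitem__):
    """Replace the target's settings from the backup; roll back if any write fails."""
    before = copy.deepcopy(directory.get(backup.guid))   # the "second state"
    target = resolve(directory, backup.guid, now, lifetime)
    if target is None:
        return "missing"
    try:
        target.settings.clear()
        for key, value in backup.settings.items():
            write(target.settings, key, value)
        target.dacl = list(backup.dacl)
    except Exception:
        directory[backup.guid] = before     # undo partial writes and the reanimation
        return "rolled_back"
    return "restored"

# Constructed sample data (placeholder GUID, invented settings)
NOW = datetime(2024, 1, 31)
LIFETIME = timedelta(days=60)
BACKUP = GPO("{GUID-1}", {"MinPasswordLength": 14, "LockoutThreshold": 5}, ["Admins:FullControl"])

def sample_directory(deleted_days_ago=None):
    deleted = None if deleted_days_ago is None else NOW - timedelta(days=deleted_days_ago)
    return {"{GUID-1}": GPO("{GUID-1}", {"MinPasswordLength": 8}, ["Everyone:Edit"], deleted)}

if __name__ == "__main__":
    for age in (None, 10, 90):              # live, recent tombstone, expired tombstone
        d = sample_directory(age)
        print(age, restore(d, BACKUP, NOW, LIFETIME), d["{GUID-1}"])
```

The snapshot is taken before the tombstone check, so a failed restore of a reanimated object also returns it to its deleted state rather than leaving a half-written live object.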
Specification