Method and system for implementing group policy operations

US 8,244,841 B2
Filed: 04/09/2003
Issued: 08/14/2012
Est. Priority Date: 04/09/2003
Status: Active Grant

First Claim

Patent Images

1. In a computing environment, a method comprising:

receiving a request to perform an operation to restore data based upon a first group policy object, the first group policy object including;

a globally unique identifier, settings of the first group policy object, discretionary access control lists and a first state including settings, the first group policy object being a backup on a file system;

attempting to perform the operation to restore data to change a second group policy object having a second state to a state that includes at least some of the settings of the first group policy object, the operation including replacing settings in the second group policy object with the settings of the first group policy object, the attempting to perform the operation to restore data including restoring data to the second group policy object based on the backup;

determining whether the data exists, and if not, whether the data can be reanimated;

if the data is represented by a tombstone, then determining an age of the tombstone;

if the age of the tombstone has not exceeded its lifetime, then reanimating and restoring the data;

if the age of the tombstone has exceeded its lifetime, then recognizing that the data does not exist; and

determining whether the attempted operation was successful, and if not, returning the second group policy object to the second state.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for performing various operations on group policy objects, by manipulating group policy objects as a single entity to perform backup, restore, import and copy operations. The backup operation transfers the various subparts of a selected group policy object to a file system. A restore operation restores a backed-up group policy object to its domain, in the same state as when the backup was performed. An import operation transfers the settings within a backed-up source group policy object to a destination group policy object, erasing its previous settings. A copy operation transfers the settings from a source group policy object to a new group policy object. Copy and import operations can be cross-domain, and a migration table can be used to convert security group and UNC pathnames as appropriate for the destination domain. Backup management, rollback of incomplete operations, and support for application deployment are also provided.

Citations

33 Claims

1. In a computing environment, a method comprising:
- receiving a request to perform an operation to restore data based upon a first group policy object, the first group policy object including;
  
  a globally unique identifier, settings of the first group policy object, discretionary access control lists and a first state including settings, the first group policy object being a backup on a file system;
  
  attempting to perform the operation to restore data to change a second group policy object having a second state to a state that includes at least some of the settings of the first group policy object, the operation including replacing settings in the second group policy object with the settings of the first group policy object, the attempting to perform the operation to restore data including restoring data to the second group policy object based on the backup;
  
  determining whether the data exists, and if not, whether the data can be reanimated;
  
  if the data is represented by a tombstone, then determining an age of the tombstone;
  
  if the age of the tombstone has not exceeded its lifetime, then reanimating and restoring the data;
  
  if the age of the tombstone has exceeded its lifetime, then recognizing that the data does not exist; and
  
  determining whether the attempted operation was successful, and if not, returning the second group policy object to the second state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1 wherein the backup corresponds to a group policy object that was deleted after the backup was written to the file system, and further comprising, creating the second group policy object before restoring data to the second group policy object based on the backup.
  - 3. The method of claim 1 wherein the second group policy object comprises an existing instance of a group policy object from which the backup was written to the file system, and wherein restoring data to the second group policy object based on the backup comprises restoring at least some of the settings in the second group policy object based on the backup.
  - 4. The method of claim 1 wherein the backup corresponds to a group policy object that was deleted after the backup was written to the file system, and further comprising, creating the second group policy object before restoring data to the second group policy object based on the backup.
  - 5. The method of claim 1 wherein the second group policy object comprises an existing instance of a group policy object from which the backup was written to the file system, and wherein restoring data to the second group policy object based on the backup comprises restoring at least some of the settings in the second group policy object based on the backup.
  - 6. The method of claim 1, further comprising backing up the first group policy object having the first state as a backup to persistent storage.
  - 7. The method of claim 1 wherein the second group policy object comprises a later instance of the first group policy object.
  - 8. The method of claim 1 further comprising, erasing the settings of the second group policy object before importing from the backup.
  - 9. The method of claim 1 wherein the backup was made from a first group policy object of a first domain, and wherein the second group policy object exists in a second domain.
  - 10. The method of claim 9 further comprising, changing at least some of the settings to adjust for differences between the first and second domains.
  - 11. The method of claim 10 wherein the differences correspond to security-related data.
  - 12. The method of claim 10 wherein the differences correspond to path-related data.
  - 13. The method of claim 10 further comprising, accessing migration information to determine how to adjust for the differences.
  - 14. The method of claim 1 further comprising, accessing migration information to change at least some of the settings in the second group policy object based on settings in the first group policy object.
  - 15. The method of claim 1 wherein attempting to perform the operation comprises, copying data corresponding to the first group policy object to a staging area of the second group policy object, copying data from a main data location of the second group policy object to a data area for old data of the second group policy object, and copying data from the staging area to the main data location of the second group policy object.
  - 16. The method of claim 15 wherein returning the second group policy object to the second state comprises, copying data from the data area for old data to the main data location of the second group policy object.
  - 17. The method of claim 1 further comprising, disabling the group policy object, determining whether the attempted operation was successful, and if so, enabling the group policy object.
  - 18. The method of claim 1 wherein receiving a request to perform an operation comprises providing a user interface.
  - 19. The method of claim 1 wherein receiving a request to perform an operation comprises providing an interface for requesting the operation via a program.
  - 20. The method of claim 19 wherein the program comprises script.
  - 21. The method of claim 1 wherein attempting to perform the operation comprises reading a layout file.
  - 22. The method of claim 1 further comprising, providing at least one status message related to the operation.
  - 23. The method of claim 1, comprising:
    - in response to the received request, disabling the second group policy object into an error stage until the determining is complete.

24. In a computing environment, a method comprising:
- receiving a request to migrate at least some data corresponding to a group policy object of a first domain to a group policy object of a second domain;
  
  determining whether the data exists, and if not, whether the data can be reanimated;
  
  if the data is represented by a tombstone, then determining an age of the tombstone;
  
  if the age of the tombstone has not exceeded its lifetime, then reanimating the data;
  
  if the age of the tombstone has exceeded its lifetime, then recognizing that the data does not exist;
  
  migrating the data, if it exists, to the second domain, the migrating including;
  
  accessing migration information to convert at least some data relative to the first domain to corresponding data relative to the second domain;
  
  the accessing migration information to convert including converting at least some security-related data relative to the first domain to security-related data relative to the second domain.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The method of claim 24 wherein migrating the data comprises copying at least some data of one group policy object to another group policy object.
  - 26. The method of claim 24 wherein migrating the data comprises importing at least some data from a backup structure corresponding to the group policy object of the first domain into the group policy object of the second domain.
  - 27. The method of claim 24 wherein accessing the migration information to convert data comprises interpreting tags in an XML file.
  - 28. The method of claim 24 further comprising, converting at least some path-related data relative to the first domain to path-related data relative to the second domain.

29. In a computing environment, a method comprising:
- receiving a request to perform a copy operation based upon a first group policy object, the first group policy object having;
  
  a globally unique identifier;
  
  settings of the first group policy object;
  
  discretionary access control lists; and
  
  a first state, the first state comprising;
  
  settings that apply to a group of users;
  
  discretionary access control lists; and
  
  a unique first identifier;
  
  determining whether data associated with the copy operation exists, and if not, whether the data can be reanimated;
  
  if the data is represented by a tombstone, then determining an age of the tombstone;
  
  if the age of the tombstone has not exceeded its lifetime, then reanimating the data;
  
  if the age of the tombstone has exceeded its lifetime, then recognizing that the data does not exist;
  
  if the data exists, creating a second group policy object with a unique second identifier;
  
  and copying the settings from the first group policy object to the second group policy object, without changing either the second unique identifier of the second group policy object or discretionary access control lists of the second group policy object, the copying of the settings including;
  
  replacing settings in the second group policy object with the settings of the first group policy object; and
  
  preserving a globally unique identifier of the second group policy object and discretionary access control lists of the second group policy object.
- View Dependent Claims (30, 31, 32, 33)
- - 30. The method of claim 29 further comprising accessing migration information to convert at least some data of the first group policy object to a modified data setting in the second group policy object.
  - 31. The method of claim 29 wherein first group policy object is in a different domain from the second group policy object.
  - 32. The method of claim 31 further comprising, accessing migration information to convert at least some data relative to the first domain to corresponding data relative to the second domain.
  - 33. The method of claim 29 wherein first group policy object is in a different forest from the second group policy object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Shaji, Ullattil, Gupta, Rahul, Whalen, William J.
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
NASH, LASHANYA RENEE

Application Number

US10/410,865
Publication Number

US 20040204949A1
Time in Patent Office

3,415 Days
Field of Search

709/223, 707/100, 707/827, 707/640, 707/674, 707/694, 707/829, 707/666
US Class Current

709/223
CPC Class Codes

G06F 11/1415   at system level

G06F 11/1458   Management of the backup or...

G06F 11/1469   Backup restoration techniques

Method and system for implementing group policy operations

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for implementing group policy operations

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links