Method and system for implementing group policy operations

US 20040204949A1
Filed: 04/09/2003
Published: 10/14/2004
Est. Priority Date: 04/09/2003
Status: Active Grant

First Claim

Patent Images

1. In a computing environment, a method comprising:

receiving a request to perform an operation based upon a first group policy object having a first state including settings;

attempting to perform the operation to change a second group policy object having a second state to a state that includes at least some of the settings of the first group policy object; and

determining whether the attempted operation was successful, and if not, returning the second group policy object to the second state.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for performing various operations on group policy objects, by manipulating group policy objects as a single entity to perform backup, restore, import and copy operations. The backup operation transfers the various subparts of a selected group policy object to a file system. A restore operation restores a backed-up group policy object to its domain, in the same state as when the backup was performed. An import operation transfers the settings within a backed-up source group policy object to a destination group policy object, erasing its previous settings. A copy operation transfers the settings from a source group policy object to a new group policy object. Copy and import operations can be cross-domain, and a migration table can be used to convert security group and UNC pathnames as appropriate for the destination domain. Backup management, rollback of incomplete operations, and support for application deployment are also provided.

244 Citations

83 Claims

1. In a computing environment, a method comprising:
- receiving a request to perform an operation based upon a first group policy object having a first state including settings;
  
  attempting to perform the operation to change a second group policy object having a second state to a state that includes at least some of the settings of the first group policy object; and
  
  determining whether the attempted operation was successful, and if not, returning the second group policy object to the second state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 2. The method of claim 1 wherein the first group policy object comprises a backup on a file system, and wherein attempting to perform the operation comprises, restoring data to the second group policy object based on the backup.
  - 3. The method of claim 2 wherein restoring data to the second group policy object based on the backup comprises, restoring the second group policy object having the second state to the second group policy object having the first state.
  - 4. The method of claim 3 wherein the backup corresponds to a group policy object that was deleted after the backup was written to the file system, and further comprising, creating the second group policy object before restoring data to the second group policy object based on the backup.
  - 5. The method of claim 3 wherein the second group policy object comprises an existing instance of a group policy object from which the backup was written to the file system, and wherein restoring data to the second group policy object based on the backup comprises, restoring at least some of the settings in the second group policy object based on the backup.
  - 6. The method of claim 2 wherein the backup corresponds to a group policy object that was deleted after the backup was written to the file system, and further comprising, creating the second group policy object before restoring data to the second group policy object based on the backup.
  - 7. The method of claim 2 wherein the second group policy object comprises an existing instance of a group policy object from which the backup was written to the file system, and wherein restoring data to the second group policy object based on the backup comprises, restoring at least some of the settings in the second group policy object based on the backup.
  - 8. The method of claim 1, further comprising backing up the first group policy object having the first state as a backup to the persistent storage.
  - 9. The method of claim 1 wherein the second group policy object comprises a later instance of the first group policy object.
  - 10. The method of claim 1 wherein the first group policy object comprises a backup on a file system, and wherein attempting to perform the operation comprises, importing at least some of the settings from the backup to the second group policy object.
  - 11. The method of claim 10 further comprising, erasing the settings of the second group policy object before importing from the backup.
  - 12. The method of claim 10 wherein the backup was made from a first group policy object of a first domain, and wherein the second group policy object exists in a second domain.
  - 13. The method of claim 12 further comprising, changing at least some of the settings to adjust for differences between the first and second domains.
  - 14. The method of claim 13 wherein the differences correspond to security-related data.
  - 15. The method of claim 13 wherein the differences correspond to path-related data.
  - 16. The method of claim 13 further comprising, accessing migration information to determine how to adjust for the differences.
  - 17. The method of claim 10 further comprising, accessing migration information to change at least some of the settings in the second group policy object based on settings in the first group policy object.
  - 18. The method of claim 1 wherein attempting to perform the operation comprises, copying data corresponding to the first group policy object to a staging area of the second group policy object, copying data from a main data location the second group policy object to a data area for old data of the second group policy object, and copying data from the staging area to the main data location of the second group policy object.
  - 19. The method of claim 18 wherein returning the second group policy object to the second state comprises, copying data from the data area for old data to the main data location of the second group policy object.
  - 20. The method of claim 18 wherein the attempted operation was not successful, and further comprising enabling the group policy object after returning the second group policy object to the second state.
  - 21. The method of claim 1 further comprising, disabling the group policy object, determining whether the attempted operation was successful, and if so, enabling the group policy object.
  - 22. The method of claim 1 wherein receiving a request to perform an operation comprises providing a user interface.
  - 23. The method of claim 1 wherein receiving a request to perform an operation comprises providing an interface for requesting the operation via a program.
  - 24. The method of claim 23 wherein the program comprises script.
  - 25. The method of claim 1 wherein attempting to perform the operation comprises reading a layout file.
  - 26. The method of claim 1 further comprising, providing at least one status message related to the operation
  - 27. The method of claim 1 further comprising, reanimating at least part of the second group policy object.
  - 28. A computer-readable medium having computer-executable instructions for performing the method of claim 1.

29. In a computing environment, a method comprising:
- receiving a request to perform an operation on a group policy object, the group policy object including a software-related object;
  
  determining whether the software-related object exists, and if the software-related object does not exist, determining whether the software-related object can be reanimated, and a) if the software-related object can be reanimated, reanimating the software-related object, and b) if the software-related object cannot be reanimated, having a new software-related object generated; and
  
  performing the requested operation using data of the software-related object.
- View Dependent Claims (30, 31)
- - 30. The method of claim 29 wherein performing the requested operation comprises restoring the group policy object from a backup, including restoring at least some data corresponding to the software-related object.
  - 31. A computer-readable medium having computer-executable instructions for performing the method of claim 29.

32. In a computing environment, a method comprising:
- collecting data corresponding to a group policy object; and
  
  backing up the collected data to a persistent storage, including creating a uniquely-identified backup data structure on the persistent storage, storing at least some of the collected data in relation to that uniquely identified data structure, and placing information corresponding to at least some of the collected data in an index file containing indexing data for the uniquely-identified backup data structure and at least one other backup data structure.
- View Dependent Claims (33, 34, 35, 36, 37, 38)
- - 33. The method of claim 32 wherein creating the uniquely-identified backup data structure comprises adding a folder to a file system, and wherein storing at least some of the collected data comprises adding at least one file to the folder.
  - 34. The method of claim 33 further comprising adding at least one sub-folder to the folder.
  - 35. The method of claim 33 wherein the folder comprises a subdirectory of a main backup directory containing at least one other folder that corresponds to another uniquely-identified backup data structure.
  - 36. The method of claim 35 further comprising, regenerating the indexing file based on folder information of the main backup data structure.
  - 37. The method of claim 36 further comprising, comparing at least some of the indexing data of the indexing file with the folder information of the main backup data structure.
  - 38. A computer-readable medium having computer-executable instructions for performing the method of claim 32.

39. In a computing environment, a method comprising:
- receiving a request to migrate at least some data corresponding to a group policy object of a first domain to a group policy object of a second domain; and
  
  migrating the data, including accessing migration information to convert at least some data relative to the first domain to corresponding data relative to the second domain.
- View Dependent Claims (40, 41, 42, 43, 44, 45)
- - 40. The method of claim 39 wherein migrating the data comprises copying at least some data of one group policy object to another group policy object.
  - 41. The method of claim 39 wherein migrating the data comprises importing at least some data from a backup structure corresponding to the group policy object of the first domain into the group policy object of the second domain.
  - 42. The method of claim 39 wherein accessing the migration information to convert data comprises interpreting tags in an XML file.
  - 43. The method of claim 39 further comprising, converting at least some security-related data relative to the first domain to security-related data relative to the second domain.
  - 44. The method of claim 39 further comprising, converting at least some path-related data relative to the first domain to path-related data relative to the second domain.
  - 45. A computer-readable medium having computer-executable instructions for performing the method of claim 39.

46. A computer-readable medium having stored thereon a data structure, comprising:
- at least one mapping;
  
  a first field of the mapping including source data corresponding to a source group policy object;
  
  a second field of the mapping including destination data corresponding to a destination group policy object, the mapping relating the second field to the first field; and
  
  wherein the first field is accessed during an operation involving a source group policy object and a destination group policy object to locate a mapping having source data corresponding to the source group policy object, and if found, to obtain from the second field information on the destination data corresponding to the destination group policy object.
- View Dependent Claims (47, 48, 49, 50, 51, 52)
- - 47. The data structure of claim 46 further comprising a third field containing type information that indicates the type of data in the first and second fields.
  - 48. The data structure of claim 46 wherein the third field contains explicit destination data.
  - 49. The data structure of claim 46 wherein the third field contains destination information indicating that the destination data is to be based on the source data in the first field.
  - 50. The data structure of claim 46 wherein the third field contains destination information indicating that there is to be no destination data corresponding to the source data in the first field.
  - 51. The data structure of claim 46 wherein the third field contains destination information indicating that the destination data is to be based on a name that is relative to the source data in the first field.
  - 52. The data structure of claim 46 wherein the data structure comprises an XML file, in which each mapping includes mapping tags, with source and destination tags that identify the first and second fields of the mapping, the source and destination tags between the mapping tags.

53. In a computing environment, a method comprising:
- receiving a request to perform an operation on a group policy object, the group policy object comprising a plurality of component objects;
  
  performing at least part of the operation, including attempting to access a selected component object of the group policy object; and
  
  providing at least one status message during the operation, including a status message identifying the selected component object and a status of the attempt to access the selected component object.
- View Dependent Claims (54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 54. The method of claim 53 wherein the status of the attempt indicates an error condition with respect to the selected component object.
  - 55. The method of claim 53 wherein the status message includes information about a setting that caused the error condition.
  - 56. The method of claim 55 wherein the status message includes textual information explaining the error condition.
  - 57. The method of claim 53 wherein performing at least part of the operation comprises obtaining data from the selected component for backing up the group policy object to storage.
  - 58. The method of claim 53 wherein performing at least part of the operation comprises restoring data to the selected component from storage.
  - 59. The method of claim 53 wherein performing at least part of the operation comprises accessing the selected component to obtain data for copying to another group policy object.
  - 60. The method of claim 53 wherein performing at least part of the operation comprises writing data copied from another group policy object to the selected component.
  - 61. The method of claim 53 wherein performing at least part of the operation comprises importing settings to the selected component.
  - 62. A computer-readable medium having computer-executable instructions for performing the method of claim 53.

63. In a computing environment, a method comprising:
- receiving a request to perform a copy operation based upon a first group policy object having a first state comprising settings and a unique first identifier;
  
  creating a second group policy object with a unique second identifier; and
  
  copying the settings substantially exactly from the first group policy object to the second group policy object, without changing the second unique identifier of the second group policy object.
- View Dependent Claims (64, 65, 66, 67, 68)
- - 64. The method of claim 63 further comprising accessing migration information to convert at least some data of the first group policy object to a modified data setting in the second group policy object.
  - 65. The method of claim 63 wherein first group policy object is in a different domain from the second group policy object.
  - 66. The method of claim 65 further comprising, accessing migration information to convert at least some data relative to the first domain to corresponding data relative to the second domain.
  - 67. The method of claim 63 wherein first group policy object is in a different forest from the second group policy object.
  - 68. A computer-readable medium having computer-executable instructions for performing the method of claim 63.

69. In a computing environment, a method comprising:
- receiving a first request to perform an operation on group policy-related data;
  
  beginning the requested operation in response to the first request;
  
  receiving a second request to cancel the operation while the requested operation is ongoing; and
  
  canceling the operation in response to the second request.
- View Dependent Claims (70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83)
- - 70. The method of claim 69 wherein the first request to perform an operation on group policy-related data comprises a request to copy data from one group policy object to another group policy object, and wherein beginning the requested operation comprises copying at least some data.
  - 71. The method of claim 70 further comprising, undoing the copying of the data after receiving the request to cancel the operation.
  - 72. The method of claim 69 wherein the first request to perform an operation on group policy-related data comprises a request to copy data from a group policy object to another group policy object, and wherein beginning the requested operation comprises creating the other group policy object.
  - 73. The method of claim 69 further comprising, undoing the creation of the other group policy object after receiving the request to cancel the operation.
  - 74. The method of claim 69 wherein the first request to perform an operation on group policy-related data comprises a request to copy data from a group policy object in one domain to another group policy object in another domain.
  - 75. The method of claim 69 wherein the first request to perform an operation on group policy-related data comprises a request to backup data from a group policy object to a file system.
  - 76. The method of claim 69 wherein the first request to perform an operation on group policy-related data comprises a request to import data from a group policy object to another group policy object, and wherein beginning the requested operation comprises erasing the data of the other group policy object.
  - 77. The method of claim 76 further comprising, in response to the cancel request, returning the data of the other group policy object to a prior state.
  - 78. The method of claim 69 wherein the first request to perform an operation on group policy-related data comprises a request to import data from a group policy object in one domain into another group policy object in another domain.
  - 79. The method of claim 78 further comprising, importing at least some data before receiving the cancel request, and undoing the importing copying of the data after receiving the request to cancel the operation.
  - 80. The method of claim 69 wherein the first request to perform an operation on group policy-related data comprises a request to restore data from a backup file to a group policy object, and wherein beginning the requested operation comprises changing at least some of the data of the group policy object.
  - 81. The method of claim 80 further comprising, in response to the cancel request, returning the data of the other group policy object to a prior state.
  - 82. The method of claim 69 wherein the policy-related data comprises a group policy object.
  - 83. A computer-readable medium having computer-executable instructions for performing the method of claim 69.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Gupta, Rahul, Whalen, William J., Shaji, Ullattil

Granted Patent

US 8,244,841 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/1
CPC Class Codes

G06F 11/1415   at system level

G06F 11/1458   Management of the backup or...

G06F 11/1469   Backup restoration techniques

Method and system for implementing group policy operations

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

244 Citations

83 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for implementing group policy operations

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

244 Citations

83 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links