Did you Ever want to simply copy some files to your entire forest, domain or just a group of computers?
The easiest way, that is if your computers are in a domain environment, is to use GPO – group policy object that runs a startup script.
There are lots of ways to make mistakes on this topic. So stay alert.
Create a new group policy object and link it to the OU where your computers accounts are in:
- GPMC.msc > Create a new GPO > give it a name like: CopyFiles > link it to the desired OU>Open Group Policy Object Editor (right-click your policy>edit)
- In Group Policy object/Computer Configuration/Windows Settings/Scripts (Startup/Shutdown)> double-click startup
- In the Startup Properties dialog box, click Show Files. A new window will open under: \\DOMAIN.com\SysVol\DOMAIN.com\Policies\{Policy GUID}\Machine\Scripts\Startup. We need to put our script in this location.
- Right click this empty window > select new > text document. Name this file: copyfiles.cmd.
- Right click copyfiles.cmd > select edit.
Place your files in the NETLOGON directory
Now you need to place your files in a folder inside the NETLOGON directory.
This way your files will be replicated to all domain controllers so there is no specific place in which computers need to reach, in order to copy the files. For example: \DOMAIN.com\NETLOGON\FilesToCopy
Write the script that copies the files
I find that the best way is using xcopy command. I added the /D parameter as well to the command, it copies only those files whose source time is newer than the destination time If no date is given:
Xcopy \MyDOMAIN\NETLOGON\FilesToCopy*.* C:\ /D
Save and close your batch file. Close the : \DOMAIN.com\SysVol… window
In the startup properties windows click add > click browse > select copyfiles.cmd. Click open > click ok > click ok
The startup properties window should look like this:
That’s it. You now have a startup script that copies only newer files to your desired domain computers.
Nice article!
Is it possible to explain how to apply this GPO only to a Security group inside an OU? Thank you.
To apply a GPO only to a specific Security group, go to delegation>advanced. you need to remove the ‘apply group policy’ permission, leave only ‘read’ permissions from Authenticated users; add the sec group you like and give it ‘apply group policy’ + ‘read’ permission.
A tip for the sleepless and overworked like me: the Xcopy script should have “\\” before MyDOMAIN\NETLOGON\FilesToCopy\*.* C:\ /D
Cheers jh. I have corrected this now.
Great article! I have been creating policies and putting the scripts and files/folders on a network shared folder, with intermittent success. So far, this seems to work every time. Thank you!