How to copy files or folders to all computers using GPO

How to copy files or folders to all computers using GPO

Introduction

There are several scenarios for when you would need to copy one or multiple files to select computers or all computers in a domain of an Active Directory (AD) network. For example, there might be a shared folder that everyone in the organization would need to access. In such cases, group policy objects (GPO) can be used to copy files from a shared folder to all the computers in an AD domain. The process of copying the files involves the following steps:
  1. Copying/moving all the files into a shared network folder.
  2. Creating a GPO and linking it to the AD domain
  3. Editing the GPO to copy files to all computers in the AD domain

Copying/moving all the files into a shared network folder.

First, you will have to create a shared network folder, and then copy all the files that you want to be copied to all domain computers into the folder. This is so that replication load can be made easier this way. Also, you will have to ensure that the Authenticated Users group has been given permission to access the folder. To check that, you can perform the following steps:
  1. Right click on the shared network folder, and select Properties.
  2. Select the Security Tab.
  3. Under the Groups or user names section, check to see if the Authenticated Users group is present.

Creating a GPO and linking it to the AD domain

Once the folder is created, you can move on to creating a GPO through which you will be copying the files to the domain computers. Here's how you can create a GPO and link it to the domain:
  1. Launch Server Manager from the taskbar, or go to Start, and then click Server Manager.
  2. In the Server Manager window, go to Tools, and select Group Policy Management.
  3. In the window that opens, navigate to the Group Policy Objects container. Right-click on the container and click New.
  4. Enter a name for the GPO in the dialogue box that appears, and click OK. The GPO would have been created.
  5. Now, navigate to the domain or OU where you want to copy the files to the computers, right-click on the container, and click Link an Existing GPO.
  6. In the dialogue box that appears, select the GPO that was just created, and click OK. The GPO would be linked to the domain or OU that was selected.

Editing the GPO to copy files to all computers in the AD domain

Once the GPO has been linked, you can edit the GPO to copy the files into all domain computers. Here's how you can do it:
  1. In the Group Policy Management window, navigate to the GPO that was just created, right-click on it, and click Edit.
  2. In the Group Policy Management Editor window that pops up, navigate to User Configuration –> Preferences -> Windows Settings -> Files.
  3. In the right pane, right-click on the empty pane, and select New, and then File.
  4. In the window that pops up, under the Actions section, select the Create option. If you are replacing or updating an existing file, select Replace or Update respectively.
  5. Under the Source file(s) section, mention the location of the file you want to copy.
  6. Under the Destination folder section, mention the location where you want the file to be copied. For this instance, if you want to copy the files on the computers' desktop, type %DesktopDir%\.
  7. If you want to copy the files only to specific computers in the domain, go to the Common tab. Check Item-level targeting, and then click Targeting. Mention the groups or users, and then click OK to confirm the addition of groups or users.
  8. Click OK to confirm the action.
In this process, if you have linked the GPO to an OU containing computers and not users, you will have to enable the GPO loopback processing mode. Here's how you can do it:
  1. In the Group Policy Management Editor window, navigate to Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy.
  2. Select the Configure user Group Policy loopback processing mode policy.
  3. In the window that pops up, select Enabled.
  4. Under the Mode section, select Merge.
  5. Click OK to confirm the action.
Note: In this method of copying files using GPO, it is not possible to copy a folder including all its contents to a computer in an AD domain. The process mentioned above can only be used to copy files to a specific location in the domain computers. If you want to copy a folder including all its contents, you will have to create a target folder in the destination computer, and then copy the files to the target folder using the process given above. Here's how you can do it:
  1. In the Group Policy Management window, navigate to the GPO that was just created, right-click on it, and click Edit.
  2. In the Group Policy Management Editor window that pops up, navigate to User Configuration –> Preferences -> Windows Settings -> Folders.
  3. In the right pane, right-click on the empty pane, and select New, and then Folder.
  4. Mention the location where you want the folder to reside in the domain computers under the Path section.
  5. Click OK to confirm the action.
  6. Then, proceed with the process mentioned above to copy the files. One change you would be doing is that while editing the GPO to copy the files, in step 6, under the Destination Folder section, instead of mentioning %DesktopDir%\, you will have to mention the location of the folder you created.
    • Related Articles

    • How to Control USB Access on select Devices using GPO

      Enabling and Disabling USB access using Active Directory Group Policy Removable storage devices such as USB drives have gained widespread use and become an indispensable way for the storage of data. However, they also pose a threat to the security of ...
    • How to create Desktop Shortcuts on Domain Computers via GPO

      Introduction Organizations sometimes may want to add certain shortcuts to all or some of the computers in their domain. For example, there might be a set of applications that all employees in an organization would need to use. The organization may ...
    • How to Deploy Printers to Users/Groups/Computers with GPO

      Introduction Employees in an organization would be required to use the printer for various purposes. Unless the employees have a printer installed locally on their system, they will be using one of the shared printers in the organization's Active ...
    • GPO Inheritance

      A user or a computer in an OU can have multiple GPOs applied to it. For example, Local Group Policy, GPOs linked to the site, GPOs linked to the domain and GPOs linked to the OU. Also, multiple GPOs can be linked to any of these containers. The ...
    • Restricting Access to Folders using Traverse Folder Permission

      How to Use NTFS Advanced Permissions to Restrict Access to Parent Folders Consider a scenario where the parent folder named A consists of child folders B1 and B2. The employees belonging to a certain group need to access only folders B1 and B2. Hence ...