How to File Operations with Group Policy Object (GPO)


Hi, In this article, I’ll talk about how to make some file operations using GPOs on our client computers in the Active Directory environment.

From time to time, client computers may need to copy, copy, delete an existing file, replace an existing file with a new one. It is also possible to find various batch files, but with GPO more practically.

Let’s start.

By creating a new GPO or editing one of the existing GPOs, let’s go to the Files under User Configuration or Computer Configuration section.

If you define it under Computer Configuration, the GPO is applied before the Ctrl + Alt + Del screen when the computer is turned on, if you define it under User Configuration, the GPO is applied after you enter the user password. Here you can choose according to your needs.


Right click on the right side and select New> File


The window will come below.


Action : Action

Source File (s): The path to our source file

Destination File: The path to our destination file.

Suppress errors on individual file actions: We can choose to suppress errors

Read-Only: Does the file in the Destination File read-only

Hidden: Makes the file in Destination File confidential.

Archive: Enables the Archive attribute of the file in the Destination File.


There are 4 options in Action.

  • Create: Source will also specify the file you specify in the destination.
  • Replace: Source also replaces the file you specify with the file you specify in the destination. In other words, the destination file is deleted and a new one is copied.
  • Update: Destination also updates the file you specify by overwriting it with the file you specify. If the file does not exist, create the file by behaving the same as Create.
  • Delete: Destination also deletes the file you specify. (Does not send to recycling!)

Source File (s):

In Source File (s), we should show where our source file is located. Here we should not show a local path like C: \ Tmp \ license.txt on Domain checks as the source path. Because this is the client computer on which the GPO is applied, it will call the C: \ temp \ license.txt file and it will get the error because it cannot find it. This section usually uses a file on a file server to share the path is given. However, if you in all your client is C: \ tmp \ lisans.tx t like you want to show as a file in the source file that you know is present in the C: \ tmp \ license.txt can use it as. Enough client computer can access this file in this path while it is applying GPO.

The important point at this point if the Computer Configuration If applying under and Source as \\ I \ license.txt If you have a sharing way as in the Share and NTFS permissions ” Domain Users ” in addition to ” Everyone ” a need to give the reader powers. Because, as I said before, GPOs applied under Computer Configuration have been implemented before entering user password, so no domain user authentication has been performed yet. Here, the client computer will attempt to access the file on the share with the SYSTEM account.

Destination File: 

In the Destination File section, we need to specify the directory in which the file specified in Source File should be processed on the client computers. It should be specified in the file name, not just the folder. As you can see in the following example source also license.txt the file destination in licence.txt we as a copycat.

If the folder specified in destination does not exist, it will automatically occur when GPO is applied. In other words, C: \ tmp \ license.txt in the Destination File section and C: \ temp directory will be created automatically.


Using System Variables:

When specifying the Source and Destination paths, we can also use system variables instead of constant values. For example, you want to copy a file in Source to the desktop of users. The desktop directory of each user will vary by user name.

The desktop path of Honor will be C: \ Users \ Techsoftcenter \ Desktop, and Derya’s desktop path will be C: \ Users \ Techsoft \ Desktop. In this case, what are we going to write to the destination files? At this point, the system variables come to our rescue.

When we press the F3 key while the cursor is in the Destination File or Source File (s) section, a list of system variables will open. We can choose what we need.


I’ve just selected DesktopDir for the example I just gave.


Processing on multiple files

So far we have done a single file with Source and Destination. To copy all the files under the folder specified in the Source to the directory in the destination, you can write them as follows.

Source File (s): \\ \ common \ *

Destination File:% Desktopdir% \ files \ <- This time we didn’t give the file name and *

If you do so, all files in the common directory on the file server will be copied to the files directory on the user’s desktop.


Deleting an existing file

If we want to delete a specific file on all client computers, we need to delete the Action part. When we select Delete, the Source File (s) section will be inactive.


In this way, clients with this GPO will be deleted from the hidden.xlsx files on the users desktop.

The examples were not very realistic, but I hope it is useful when you need one to come in the day. You can ask if you have any questions in the Comment section.