diff --git a/LAPS/Binaries/Laps/LAPS.x64.msi b/LAPS/Binaries/Laps/LAPS.x64.msi new file mode 100644 index 0000000..8a62c59 Binary files /dev/null and b/LAPS/Binaries/Laps/LAPS.x64.msi differ diff --git a/LAPS/Binaries/Laps/LAPS.x86.msi b/LAPS/Binaries/Laps/LAPS.x86.msi new file mode 100644 index 0000000..3fa5fff Binary files /dev/null and b/LAPS/Binaries/Laps/LAPS.x86.msi differ diff --git a/LAPS/GPO/manifest.xml b/LAPS/GPO/manifest.xml new file mode 100644 index 0000000..047e2e7 --- /dev/null +++ b/LAPS/GPO/manifest.xml @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/Backup.xml b/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/Backup.xml new file mode 100644 index 0000000..d0a017f --- /dev/null +++ b/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/Backup.xml @@ -0,0 +1,18 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/DomainSysvol/GPO/Machine/comment.cmtx b/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/DomainSysvol/GPO/Machine/comment.cmtx new file mode 100644 index 0000000..4b8fa9f --- /dev/null 
+++ b/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/DomainSysvol/GPO/Machine/comment.cmtx @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/DomainSysvol/GPO/Machine/registry.pol b/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/DomainSysvol/GPO/Machine/registry.pol new file mode 100644 index 0000000..22ff46f Binary files /dev/null and b/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/DomainSysvol/GPO/Machine/registry.pol differ diff --git a/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/bkupInfo.xml b/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/bkupInfo.xml new file mode 100644 index 0000000..6a4b760 --- /dev/null +++ b/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/gpreport.xml b/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/gpreport.xml new file mode 100644 index 0000000..20bce26 Binary files /dev/null and b/LAPS/GPO/{65AEE3FE-FDB4-408C-AD59-E6E1D368343D}/gpreport.xml differ diff --git a/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/Backup.xml b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/Backup.xml new file mode 100644 index 0000000..c428c16 --- /dev/null +++ b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/Backup.xml 
@@ -0,0 +1,118 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + + + + 01 00 04 8c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 14 01 0a 00 00 00 00 00 24 00 ff 01 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 00 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 14 00 ff 01 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 05 12 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 12 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 12 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 12 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 12 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 12 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 1a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 01 00 04 8c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 14 01 0a 00 00 00 00 00 24 00 ff 01 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 00 14 00 94 00 02 00 01 01 00 
00 00 00 00 05 0b 00 00 00 00 00 14 00 ff 01 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 05 12 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 12 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 12 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 12 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 12 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 12 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 1a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + LDAP://%GPO_DSPATH% + + + + + \ No newline at end of file diff --git a/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/Applications/{B317FB0C-A29C-41BA-9030-686D4920EFFC}.aas b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/Applications/{B317FB0C-A29C-41BA-9030-686D4920EFFC}.aas new file mode 100644 index 0000000..cbe28c8 Binary files /dev/null and b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/Applications/{B317FB0C-A29C-41BA-9030-686D4920EFFC}.aas differ diff --git a/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/Applications/{CB506314-48D4-420C-B7A0-20B98E314140}.aas b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/Applications/{CB506314-48D4-420C-B7A0-20B98E314140}.aas new file mode 100644 index 0000000..8da8d7e Binary files /dev/null and b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/Applications/{CB506314-48D4-420C-B7A0-20B98E314140}.aas differ 
diff --git a/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf new file mode 100644 index 0000000..91061e3 Binary files /dev/null and b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf differ diff --git a/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/comment.cmtx b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/comment.cmtx new file mode 100644 index 0000000..4b8fa9f --- /dev/null +++ b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/comment.cmtx @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/registry.pol b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/registry.pol new file mode 100644 index 0000000..75e2a09 Binary files /dev/null and b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/DomainSysvol/GPO/Machine/registry.pol differ diff --git a/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/bkupInfo.xml b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/bkupInfo.xml new file mode 100644 index 0000000..28644dd --- /dev/null +++ b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/gpreport.xml b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/gpreport.xml new file mode 100644 index 0000000..96e24b5 Binary files /dev/null and b/LAPS/GPO/{8A583568-6BE3-4D47-B7C3-65D6AA4C8F5F}/gpreport.xml differ diff --git a/LAPS/LAPS_steps.ps1 b/LAPS/LAPS_steps.ps1 index cd89862..de8c433 100644 --- a/LAPS/LAPS_steps.ps1 +++ b/LAPS/LAPS_steps.ps1 
@@ -1,18 +1,18 @@ Throw "this is not a robust file" $location = Get-Location -Set-Location C:\Tools\LAPS $dsnAME = (Get-ADDomain).DistinguishedName $domain = $env:USERDNSDOMAIN - -Throw "Please download LAPS from aka.ms/laps and put the msi files into the C:\Tools\LAPS\LAPS" +$ScriptsLocation = "C:\Tools\ADSecurity\LAPS" +Set-Location $ScriptsLocation #Copy LAPS msi files to sysvol - .\CopyTo-Sysvol.ps1 -FilesPath C:\ADSecurity\LAPS\LAPS -Verbose + Get-ChildItem -Path "$ScriptsLocation\LAPS\Binaries\Laps" |Unblock-File + .$ScriptsLocation\LAPS\Scripts\CopyTo-Sysvol.ps1 -FilesPath "$ScriptsLocation\LAPS\Binaries\LAPS" -DefaultSysvolPlacement -Verbose #schema extension with LAPS #64 on DC LAB - $lapsPath = "\\$Domain\SysVol\$Domain\Scripts\LAPS\LAPS.x64.msi" - $expression = "C:\Windows\System32\msiexec.exe /i $lapsPath ADDLOCAL=CSE,Management,Management.UI,Management.PS,Management.ADMX /quiet" - Invoke-Expression $expression + $lapsPath = "\\$Domain\SysVol\$Domain\Scripts\Laps\LAPS.x64.msi" + $expression = "C:\Windows\System32\msiexec.exe /i $LapsPath ADDLOCAL=CSE,Management,Management.UI,Management.PS,Management.ADMX /quiet" + Invoke-Expression $expression <# #64 on PAW $lapsPath = "\\$Domain\SysVol\$Domain\Scripts\LAPS.x64.msi" 
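Review bot: The install step still assembles a command line as a string and runs it through `Invoke-Expression`, so any unexpected character in `$Domain` (taken from `$env:USERDNSDOMAIN`) is interpreted as PowerShell syntax, and msiexec returns immediately under `/quiet`, which is presumably why the next hunk adds a fixed `start-sleep 60` before `Update-AdmPwdADSchema`. Launching msiexec with `Start-Process -Wait` removes both problems. The package is also executed straight from the SYSVOL share right after `Get-ChildItem ... | Unblock-File` has stripped the zone marker from the binaries committed under `LAPS/Binaries/Laps`, with no integrity check at all; verifying the Authenticode signature before installing (and before the copy step) is cheap and catches a tampered or mispackaged installer. Separately, `.$ScriptsLocation\LAPS\Scripts\CopyTo-Sysvol.ps1` dot-sources the helper into this script's scope if PowerShell parses it that way; the call operator with a quoted path, `& "$ScriptsLocation\LAPS\Scripts\CopyTo-Sysvol.ps1" ...`, is the conventional form and keeps the helper's variables out of the caller.
```powershell
$lapsPath = "\\$Domain\SysVol\$Domain\Scripts\Laps\LAPS.x64.msi"
$signature = Get-AuthenticodeSignature -FilePath $lapsPath
if ($signature.Status -ne 'Valid') {
    throw "Refusing to install unsigned or modified package '$lapsPath' (signature status: $($signature.Status))"
}
$msiArgs = "/i `"$lapsPath`" ADDLOCAL=CSE,Management,Management.UI,Management.PS,Management.ADMX /quiet"
Start-Process -FilePath "$env:SystemRoot\System32\msiexec.exe" -ArgumentList $msiArgs -Wait
# … unchanged: commented-out PAW install block …
```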
@@ -24,50 +24,39 @@ Throw "Please download LAPS from aka.ms/laps and put the msi files into the C:\T Invoke-Expression $expression #> #run as a member of schema admins group + start-sleep 60 Import-module AdmPwd.PS Update-AdmPwdADSchema + Import-module AdmPwd.PS #Allow computers to store passwords Import-module AdmPwd.PS - Set-AdmPwdComputerSelfPermission -Identity "OU=Devices,OU=Tier0,OU=Admin,$dsname" - Set-AdmPwdComputerSelfPermission -Identity "OU=Tier0 Servers,OU=Tier0,OU=Admin,$dsname" - Set-AdmPwdComputerSelfPermission -Identity "OU=Devices,OU=Tier1,OU=Admin,$dsname" - Set-AdmPwdComputerSelfPermission -Identity "OU=Tier 1 Servers,$dsname" - Set-AdmPwdComputerSelfPermission -Identity "OU=Workstations,$dsname" + Set-AdmPwdComputerSelfPermission -Identity "OU=PAW,OU=Tier0,OU=Admin,$dsname" + Set-AdmPwdComputerSelfPermission -Identity "OU=Servers,OU=Tier0,OU=Admin,$dsname" + Set-AdmPwdComputerSelfPermission -Identity "OU=PAW,OU=Tier1,OU=Admin,$dsname" + Set-AdmPwdComputerSelfPermission -Identity "OU=Servers,OU=Tier1,OU=Admin,$dsname" + Set-AdmPwdComputerSelfPermission -Identity "OU=Computers,OU=AzureBlog,$dsname" Set-AdmPwdComputerSelfPermission -Identity "OU=Quarantine,$dsname" #Allow users to read passwords Import-module AdmPwd.PS - Set-AdmPwdReadPasswordPermission -Identity "OU=Devices,OU=Tier0,OU=Admin,$dsname" -AllowedPrincipals "Domain Admins" - Set-AdmPwdReadPasswordPermission -Identity "OU=Tier0 Servers,OU=Tier0,OU=Admin,$dsname" -AllowedPrincipals "Domain Admins" - Set-AdmPwdReadPasswordPermission -Identity "OU=Devices,OU=Tier1,OU=Admin,$dsname" -AllowedPrincipals "Domain Admins","tier1admins" - Set-AdmPwdReadPasswordPermission -Identity "OU=Tier 1 Servers,$dsname" -AllowedPrincipals "Domain Admins","tier1admins" - Set-AdmPwdReadPasswordPermission -Identity "OU=Workstations,$dsname" -AllowedPrincipals "Domain Admins","tier1admins" - Set-AdmPwdReadPasswordPermission -Identity "OU=Quarantine,$dsname" -AllowedPrincipals "Domain Admins","tier2admins" + 
Set-AdmPwdReadPasswordPermission -Identity "OU=PAW,OU=Tier0,OU=Admin,$dsname" -AllowedPrincipals "t0-admins" + Set-AdmPwdReadPasswordPermission -Identity "OU=Servers,OU=Tier0,OU=Admin,$dsname" -AllowedPrincipals "t0-admins" + Set-AdmPwdReadPasswordPermission -Identity "OU=PAW,OU=Tier1,OU=Admin,$dsname" -AllowedPrincipals "t0-admins","t1-admins" + Set-AdmPwdReadPasswordPermission -Identity "OU=Servers,OU=Tier1,OU=Admin,$dsname" -AllowedPrincipals "t0-admins","t1-admins" + Set-AdmPwdReadPasswordPermission -Identity "OU=Computers,OU=AzureBlog,$dsname" -AllowedPrincipals "t0-admins","t1-admins" + Set-AdmPwdReadPasswordPermission -Identity "OU=Quarantine,$dsname" -AllowedPrincipals "t0-admins","t2-admins" #Alow users to reset passwords Import-module AdmPwd.PS - Set-AdmPwdResetPasswordPermission -Identity "OU=Devices,OU=Tier0,OU=Admin,$dsname" -AllowedPrincipals "Domain Admins" - Set-AdmPwdResetPasswordPermission -Identity "OU=Tier0 Servers,OU=Tier0,OU=Admin,$dsname" -AllowedPrincipals "Domain Admins" - Set-AdmPwdResetPasswordPermission -Identity "OU=Devices,OU=Tier1,OU=Admin,$dsname" -AllowedPrincipals "Domain Admins","tier1admins" - Set-AdmPwdResetPasswordPermission -Identity "OU=Tier 1 Servers,$dsname" -AllowedPrincipals "Domain Admins","tier1admins" - Set-AdmPwdResetPasswordPermission -Identity "OU=Workstations,$dsname" -AllowedPrincipals "Domain Admins","tier1admins" - Set-AdmPwdResetPasswordPermission -Identity "OU=Quarantine,$dsname" -AllowedPrincipals "Domain Admins","tier2admins" - -#LAPS Installation GPO - Name: LAPSInstallation-v1.0 - Source Starter GPO: (none) - GPO Status: User configuration settings disabled - Category Package Placement Deploy Software Additional Info - Software Installation \\$domain\sysvol\$domain\scripts\LAPS\LAPS.x64.msi Assigned - Category Package Placement Deploy Software Additional Info - Software Installation \\$domain\sysvol\$domainscripts\LAPS\LAPS.x86.msi Assigned Uncheck Make this 32-bit x86 appliction available to Win64 
machines - -#LAPS Configuration Policy - Name: LAPSConfiguration-v1.0 - Source Starter GPO: (none) - GPO Status: User configuration settings disabled - Category Subcategory Policy Setting - - Administrative Templates LAPS Password Settings Enabled - Password Complexity: Large letters + small letters + numbers + specials + Set-AdmPwdResetPasswordPermission -Identity "OU=PAW,OU=Tier0,OU=Admin,$dsname" -AllowedPrincipals "t0-admins" + Set-AdmPwdResetPasswordPermission -Identity "OU=Servers,OU=Tier0,OU=Admin,$dsname" -AllowedPrincipals "t0-admins" + Set-AdmPwdResetPasswordPermission -Identity "OU=PAW,OU=Tier1,OU=Admin,$dsname" -AllowedPrincipals "t0-admins","t1-admins" + Set-AdmPwdResetPasswordPermission -Identity "OU=Servers,OU=Tier1,OU=Admin,$dsname" -AllowedPrincipals "t0-admins","t1-admins" + Set-AdmPwdResetPasswordPermission -Identity "OU=Computers,OU=AzureBlog,$dsname" -AllowedPrincipals "t0-admins","t1-admins" + Set-AdmPwdResetPasswordPermission -Identity "OU=Quarantine,$dsname" -AllowedPrincipals "t0-admins","t2-admins" + +#Gpo Import + $backupPath = "$ScriptsLocation\LAPS\GPO" + .$ScriptsLocation\LAPS\Scripts\Import-GPO.ps1 -BackupPath $backupPath -Verbose + cd $location diff --git a/LAPS/Scripts/CopyTo-Sysvol.ps1 b/LAPS/Scripts/CopyTo-Sysvol.ps1 new file mode 100644 index 0000000..ade6ea6 --- /dev/null +++ b/LAPS/Scripts/CopyTo-Sysvol.ps1 
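Review bot: `cd $location` on the last added line is meant to restore the directory saved at the top of the script, but `Import-GPO.ps1` is invoked as `.$ScriptsLocation\LAPS\Scripts\Import-GPO.ps1`; if PowerShell parses that as a dot-source, the helper's own `$location = Get-Location` (executed after it has already changed into `$backupPath`) overwrites the caller's variable and the final `cd` lands in the GPO backup folder instead. Calling the helper with the call operator keeps its variables in their own scope: `& "$ScriptsLocation\LAPS\Scripts\Import-GPO.ps1" -BackupPath $backupPath -Verbose`. The unconditional `start-sleep 60` before `Update-AdmPwdADSchema` is a timing guess rather than a readiness check, and `Import-module AdmPwd.PS` is now issued four times in this hunk; waiting on the installer process in the first hunk and importing the module once would make the schema step deterministic. The OU-scoped read and reset grants now name tier groups (`t0-admins`, `t1-admins`, `t2-admins`) instead of Domain Admins, which fits the tiering model; a comment stating that these groups must already exist in the domain before the script runs would help the next reader.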
@@ -0,0 +1,74 @@ +<# + .SYNOPSIS + Run get-help -example CopyTo-Sysvol.ps1 for examples + + .EXAMPLE + .\CopyTo-Sysvol.ps1 -FilesPath C:\LAPS -DefaultSysvolPlacement -Verbose + VERBOSE: Declared SYSVOL path: 'C:\Windows\Sysvol\' + VERBOSE: Folder :'C:\Windows\Sysvol\\Sysvol\azureblog.pl\scripts' already exists + VERBOSE: Copying files from path 'C:\LAPS' to 'C:\Windows\Sysvol\Sysvol\azureblog.pl\scripts' using Recurse mode + + + Directory: C:\Windows\Sysvol\Sysvol\azureblog.pl\scripts + + + Mode LastWriteTime Length Name + ---- ------------- ------ ---- + d----- 02.02.2020 13:02 LAPS + + .EXAMPLE + .\CopyTo-Sysvol.ps1 -filesPath C:\LAPS -CustomSysvolPlacement -CustomSysvolPath C:\test -Verbose + VERBOSE: Declared SYSVOL path: 'C:\test' + VERBOSE: Folder :'C:\test\Sysvol\azureblog.pl\scripts' already exists + VERBOSE: Copying files from path 'C:\LAPS' to 'C:\test\Sysvol\azureblog.pl\scripts' using Recurse mode + + + Directory: C:\LAPS + + + Mode LastWriteTime Length Name + ---- ------------- ------ ---- + -a---- 05.12.2019 19:56 1019904 LAPS.x64.msi + -a---- 05.12.2019 19:56 991232 LAPS.x86.msi + +#> +[CmdletBinding(DefaultParametersetName = "DefaultSysvolPath")] +param ( + [parameter(Mandatory = $true)] + [ValidateScript( { Test-Path $_ })] + [string]$FilesPath, + [parameter(ParameterSetName = "DefaultSysvolPath")] + [switch]$DefaultSysvolPlacement, + [parameter(ParameterSetName = "CustomSysvolPath")] + [switch]$CustomSysvolPlacement, + [parameter(ParameterSetName = "CustomSysvolPath", Mandatory = $true)] + [ValidateScript( { Test-Path $_ })] + [string]$CustomSysvolPath +) + +$domain = $env:USERDNSDOMAIN +switch ($PsCmdlet.ParameterSetName) { + "DefaultSysvolPath" { + $sysvolPath = "C:\Windows\Sysvol" + } + "CustomSysvolPath" { + $sysvolPath = $CustomSysvolPath + } +} +Write-Host "Declared SYSVOL path: '$sysvolPath'" -ForegroundColor Green + +$scriptsPath = "$sysvolPath\Sysvol\$domain\scripts" +$scriptsTest = Test-Path -Path $scriptsPath +if ($scriptstest -eq 
$false) { + Write-Error "There is no such a folder: '$scriptsPath'" +} +$filesPathTest = Test-Path -Path $scriptsPath +if ($filesPathTest -eq $true) { + Write-Host "Folder :'$scriptsPath' already exists" -ForegroundColor Yellow +} + +Write-Host "Copying files from path '$FilesPath' to '$scriptsPath' using Recurse mode" -ForegroundColor Green +Write-Verbose 'Copy-Item -Path $FilesPath -Destination $scriptsPath -Recurse -Force' +Copy-Item -Path $FilesPath -Destination $scriptsPath -Recurse -Force + +Get-ChildItem -Path $scriptsPath diff --git a/LAPS/Scripts/Import-GPO.ps1 b/LAPS/Scripts/Import-GPO.ps1 new file mode 100644 index 0000000..624e346 --- /dev/null +++ b/LAPS/Scripts/Import-GPO.ps1 
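Review bot: When `$scriptsPath` does not exist the script reports it with `Write-Error` but does not stop, so the `Copy-Item` below still runs and creates a stray `scripts` tree wherever `$sysvolPath` points; the second `Test-Path` on the same `$scriptsPath` can only repeat the first result. Replace both checks with one terminating check: `if (-not (Test-Path -Path $scriptsPath)) { throw "There is no such a folder: '$scriptsPath'" }`. Everything copied into the SYSVOL `scripts` share is replicated to every domain controller and, through the software-installation GPO added in this commit, installed by machine policy on every computer in scope, so the script should refuse to copy an `.msi` whose Authenticode signature is not `Valid` (`Get-AuthenticodeSignature`) rather than copying `-FilesPath` recursively without inspection. `"C:\Windows\Sysvol"` is hard-coded for the default placement where `"$env:SystemRoot\SYSVOL"` would follow the DC's actual install, and the progress messages that the `.EXAMPLE` blocks show with a `VERBOSE:` prefix are emitted with `Write-Host`, which ignores `-Verbose`.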
@@ -0,0 +1,36 @@ +<# + .Example + $BackupPath = Read-Host -Prompt "Please provide full path to GPO backups" + .\Import-GPO.ps1 -BackupPath $BackupPath -Verbose + +#> + +[CmdletBinding()] +param( + [Parameter(Mandatory = $True)][string] $BackupPath, + [string] $GPOMigrationTable +) + +$backupList = Get-ChildItem -Path $BackupPath -Exclude "manifest.xml" +Set-Location $BackupPath +$location = Get-Location +foreach ($item in $backupList){ + $backupID = $null + $xmlFilePath = $null + $gpoName = $null + $backupID = $item.name -replace "{","" -replace "}","" + $xmlFilePath = ".\$($item.name)\gpreport.xml" + [xml]$xmlFile = Get-Content -Path $xmlFilePath + $gpoName = $xmlFile.GPO.Name + Write-Host "Importing new GPO '$gpoName' with GUID '$backupID'" -ForegroundColor Green + Write-Host "Please remember to update proper groups in GPO settings" -ForegroundColor Green + if ($GPOMigrationTable -eq "") { + Write-Verbose 'Import-GPO -BackupId $backupID -TargetName $gpoName -Path $BackupPath -CreateIfNeeded' + Import-GPO -BackupId $backupID -TargetName $gpoName -Path $BackupPath -CreateIfNeeded + } + else { + Write-Verbose 'Import-GPO -BackupId $backupID -TargetName $gpoName -Path $BackupPath -MigrationTable $GPOMigrationTable -CreateIfNeeded' + Import-GPO -BackupId $backupID -TargetName $gpoName -Path $BackupPath -MigrationTable $GPOMigrationTable -CreateIfNeeded + } + Set-Location $location +} \ No newline at end of file diff --git a/PAW/GPO/manifest.xml b/PAW/GPO/manifest.xml new file mode 100644 index 0000000..bf1020d --- /dev/null +++ b/PAW/GPO/manifest.xml @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/PAW/GPO/{09643CDF-4D0B-4865-9836-F7432F213B4A}/Backup.xml b/PAW/GPO/{09643CDF-4D0B-4865-9836-F7432F213B4A}/Backup.xml new file mode 100644 index 0000000..1dbd182 --- /dev/null +++ b/PAW/GPO/{09643CDF-4D0B-4865-9836-F7432F213B4A}/Backup.xml 
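Review bot: `$location = Get-Location` is evaluated after `Set-Location $BackupPath`, so it captures the backup folder rather than the caller's directory and the `Set-Location $location` at the end of each iteration restores nothing; swap the two lines so `$location = Get-Location` precedes `Set-Location $BackupPath`, and move the single restore after the loop. The `Get-ChildItem -Path $BackupPath -Exclude "manifest.xml"` listing is not restricted to directories, so any other file in the backup root makes `Get-Content -Path ".\<name>\gpreport.xml"` fail non-terminatingly and the loop then calls `Import-GPO` with an empty `-TargetName`; adding `-Directory` to the listing and `throw`ing when `$gpoName` is empty keeps a half-configured GPO from being created silently. A short header comment stating that each GPO is imported with `-CreateIfNeeded` but not linked, and that security principals inside the backup are only rewritten when `-GPOMigrationTable` is supplied, would make the `Please remember to update proper groups` message self-explanatory.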
@@ -0,0 +1,20 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/PAW/GPO/{09643CDF-4D0B-4865-9836-F7432F213B4A}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/PAW/GPO/{09643CDF-4D0B-4865-9836-F7432F213B4A}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf new file mode 100644 index 0000000..d3a6b02 Binary files /dev/null and b/PAW/GPO/{09643CDF-4D0B-4865-9836-F7432F213B4A}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf differ diff --git a/PAW/GPO/{09643CDF-4D0B-4865-9836-F7432F213B4A}/bkupInfo.xml b/PAW/GPO/{09643CDF-4D0B-4865-9836-F7432F213B4A}/bkupInfo.xml new file mode 100644 index 0000000..ce65ae8 --- /dev/null +++ b/PAW/GPO/{09643CDF-4D0B-4865-9836-F7432F213B4A}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/PAW/GPO/{09643CDF-4D0B-4865-9836-F7432F213B4A}/gpreport.xml b/PAW/GPO/{09643CDF-4D0B-4865-9836-F7432F213B4A}/gpreport.xml new file mode 100644 index 0000000..3c73701 Binary files /dev/null and b/PAW/GPO/{09643CDF-4D0B-4865-9836-F7432F213B4A}/gpreport.xml differ 
diff --git a/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/Backup.xml b/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/Backup.xml new file mode 100644 index 0000000..5b9f272 --- /dev/null +++ b/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/Backup.xml @@ -0,0 +1,20 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml b/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml new file mode 100644 index 0000000..a95052f --- /dev/null +++ b/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf new file mode 100644 index 0000000..b661eb8 Binary files /dev/null and b/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf differ 
diff --git a/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/DomainSysvol/GPO/Machine/registry.pol b/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/DomainSysvol/GPO/Machine/registry.pol new file mode 100644 index 0000000..5a00da1 Binary files /dev/null and b/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/DomainSysvol/GPO/Machine/registry.pol differ diff --git a/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/bkupInfo.xml b/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/bkupInfo.xml new file mode 100644 index 0000000..3250464 --- /dev/null +++ b/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/gpreport.xml b/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/gpreport.xml new file mode 100644 index 0000000..0f5b256 Binary files /dev/null and b/PAW/GPO/{28C348CE-97B1-49B9-BF68-B62BB1B2B6F2}/gpreport.xml differ diff --git a/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/Backup.xml b/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/Backup.xml new file mode 100644 index 0000000..6be6b8d --- /dev/null +++ b/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/Backup.xml 
@@ -0,0 +1,18 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/DomainSysvol/GPO/User/Preferences/Registry/Registry.xml b/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/DomainSysvol/GPO/User/Preferences/Registry/Registry.xml new file mode 100644 index 0000000..b6a9ae3 --- /dev/null +++ b/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/DomainSysvol/GPO/User/Preferences/Registry/Registry.xml @@ -0,0 +1,4 @@ + + + + diff --git a/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/DomainSysvol/GPO/User/comment.cmtx b/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/DomainSysvol/GPO/User/comment.cmtx new file mode 100644 index 0000000..1e4e4d5 --- /dev/null +++ b/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/DomainSysvol/GPO/User/comment.cmtx @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/DomainSysvol/GPO/User/registry.pol b/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/DomainSysvol/GPO/User/registry.pol new file mode 100644 index 0000000..aac722b Binary files /dev/null and b/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/DomainSysvol/GPO/User/registry.pol differ 
diff --git a/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/bkupInfo.xml b/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/bkupInfo.xml new file mode 100644 index 0000000..af580ef --- /dev/null +++ b/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/gpreport.xml b/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/gpreport.xml new file mode 100644 index 0000000..dc517e4 Binary files /dev/null and b/PAW/GPO/{40241693-44C9-4170-9290-8E8BE7A271FA}/gpreport.xml differ diff --git a/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/Backup.xml b/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/Backup.xml new file mode 100644 index 0000000..1b7d3b4 --- /dev/null +++ b/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/Backup.xml @@ -0,0 +1,18 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/DomainSysvol/GPO/User/Preferences/Registry/Registry.xml b/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/DomainSysvol/GPO/User/Preferences/Registry/Registry.xml new file mode 100644 index 0000000..f9fb30f --- /dev/null 
+++ b/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/DomainSysvol/GPO/User/Preferences/Registry/Registry.xml @@ -0,0 +1,3 @@ + + + diff --git a/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/DomainSysvol/GPO/User/comment.cmtx b/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/DomainSysvol/GPO/User/comment.cmtx new file mode 100644 index 0000000..1e4e4d5 --- /dev/null +++ b/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/DomainSysvol/GPO/User/comment.cmtx @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/DomainSysvol/GPO/User/registry.pol b/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/DomainSysvol/GPO/User/registry.pol new file mode 100644 index 0000000..3fbffbe Binary files /dev/null and b/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/DomainSysvol/GPO/User/registry.pol differ diff --git a/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/bkupInfo.xml b/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/bkupInfo.xml new file mode 100644 index 0000000..abd2257 --- /dev/null +++ b/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/gpreport.xml b/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/gpreport.xml new file mode 100644 index 0000000..2a0e42f Binary files /dev/null and b/PAW/GPO/{5BF7D886-3664-4716-97F7-32AF055F38DF}/gpreport.xml differ diff --git a/PAW/GPO/{76018172-90F7-4D1B-83B4-568B7808BDBC}/Backup.xml b/PAW/GPO/{76018172-90F7-4D1B-83B4-568B7808BDBC}/Backup.xml new file mode 100644 index 0000000..48986a6 --- /dev/null +++ b/PAW/GPO/{76018172-90F7-4D1B-83B4-568B7808BDBC}/Backup.xml 
@@ -0,0 +1,20 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/PAW/GPO/{76018172-90F7-4D1B-83B4-568B7808BDBC}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/PAW/GPO/{76018172-90F7-4D1B-83B4-568B7808BDBC}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf new file mode 100644 index 0000000..10d8159 Binary files /dev/null and b/PAW/GPO/{76018172-90F7-4D1B-83B4-568B7808BDBC}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf differ diff --git a/PAW/GPO/{76018172-90F7-4D1B-83B4-568B7808BDBC}/bkupInfo.xml b/PAW/GPO/{76018172-90F7-4D1B-83B4-568B7808BDBC}/bkupInfo.xml new file mode 100644 index 0000000..c095d7a --- /dev/null +++ b/PAW/GPO/{76018172-90F7-4D1B-83B4-568B7808BDBC}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/PAW/GPO/{76018172-90F7-4D1B-83B4-568B7808BDBC}/gpreport.xml b/PAW/GPO/{76018172-90F7-4D1B-83B4-568B7808BDBC}/gpreport.xml new file mode 100644 index 0000000..ed9cabb Binary files /dev/null and b/PAW/GPO/{76018172-90F7-4D1B-83B4-568B7808BDBC}/gpreport.xml differ 
diff --git a/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/Backup.xml b/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/Backup.xml new file mode 100644 index 0000000..91e8aa3 --- /dev/null +++ b/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/Backup.xml @@ -0,0 +1,18 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/DomainSysvol/GPO/User/Preferences/Registry/Registry.xml b/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/DomainSysvol/GPO/User/Preferences/Registry/Registry.xml new file mode 100644 index 0000000..dc57b5f --- /dev/null +++ b/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/DomainSysvol/GPO/User/Preferences/Registry/Registry.xml @@ -0,0 +1,4 @@ + + + + diff --git a/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/DomainSysvol/GPO/User/comment.cmtx b/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/DomainSysvol/GPO/User/comment.cmtx new file mode 100644 index 0000000..1e4e4d5 --- /dev/null +++ b/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/DomainSysvol/GPO/User/comment.cmtx @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file 
diff --git a/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/DomainSysvol/GPO/User/registry.pol b/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/DomainSysvol/GPO/User/registry.pol new file mode 100644 index 0000000..aac722b Binary files /dev/null and b/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/DomainSysvol/GPO/User/registry.pol differ diff --git a/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/bkupInfo.xml b/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/bkupInfo.xml new file mode 100644 index 0000000..c0b406b --- /dev/null +++ b/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/gpreport.xml b/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/gpreport.xml new file mode 100644 index 0000000..284f59d Binary files /dev/null and b/PAW/GPO/{9301378B-D13F-4DAB-A7E3-7B1DF17E1534}/gpreport.xml differ diff --git a/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/Backup.xml b/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/Backup.xml new file mode 100644 index 0000000..bc320d1 --- /dev/null +++ b/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/Backup.xml @@ -0,0 +1,20 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml b/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml new file mode 100644 index 0000000..bc79d6b --- /dev/null +++ b/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf new file mode 100644 index 0000000..2bceed1 Binary files /dev/null and b/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf differ diff --git a/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/DomainSysvol/GPO/Machine/registry.pol b/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/DomainSysvol/GPO/Machine/registry.pol new file mode 100644 index 0000000..23a3474 Binary files /dev/null and b/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/DomainSysvol/GPO/Machine/registry.pol differ diff --git a/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/bkupInfo.xml b/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/bkupInfo.xml new file mode 100644 index 0000000..2060e67 --- /dev/null +++ b/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/gpreport.xml b/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/gpreport.xml new file mode 100644 index 0000000..668c1a4 Binary files /dev/null and b/PAW/GPO/{A6592F94-2D7C-4FA3-8B0C-9655F3AE83CF}/gpreport.xml differ diff --git a/PAW/GPO/{B3400906-DAE7-48A1-9F3F-1E2E117CF07B}/Backup.xml b/PAW/GPO/{B3400906-DAE7-48A1-9F3F-1E2E117CF07B}/Backup.xml new file mode 100644 index 0000000..4929948 --- /dev/null 
+++ b/PAW/GPO/{B3400906-DAE7-48A1-9F3F-1E2E117CF07B}/Backup.xml @@ -0,0 +1,20 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/PAW/GPO/{B3400906-DAE7-48A1-9F3F-1E2E117CF07B}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/PAW/GPO/{B3400906-DAE7-48A1-9F3F-1E2E117CF07B}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf new file mode 100644 index 0000000..74016ab Binary files /dev/null and b/PAW/GPO/{B3400906-DAE7-48A1-9F3F-1E2E117CF07B}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf differ diff --git a/PAW/GPO/{B3400906-DAE7-48A1-9F3F-1E2E117CF07B}/bkupInfo.xml b/PAW/GPO/{B3400906-DAE7-48A1-9F3F-1E2E117CF07B}/bkupInfo.xml new file mode 100644 index 0000000..b68f4e5 --- /dev/null +++ b/PAW/GPO/{B3400906-DAE7-48A1-9F3F-1E2E117CF07B}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/PAW/GPO/{B3400906-DAE7-48A1-9F3F-1E2E117CF07B}/gpreport.xml b/PAW/GPO/{B3400906-DAE7-48A1-9F3F-1E2E117CF07B}/gpreport.xml new file mode 100644 index 0000000..345aa89 Binary files /dev/null and b/PAW/GPO/{B3400906-DAE7-48A1-9F3F-1E2E117CF07B}/gpreport.xml differ 
diff --git a/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/Backup.xml b/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/Backup.xml new file mode 100644 index 0000000..18f6e78 --- /dev/null +++ b/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/Backup.xml @@ -0,0 +1,18 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/DomainSysvol/GPO/User/Preferences/Registry/Registry.xml b/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/DomainSysvol/GPO/User/Preferences/Registry/Registry.xml new file mode 100644 index 0000000..c2a952a --- /dev/null +++ b/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/DomainSysvol/GPO/User/Preferences/Registry/Registry.xml @@ -0,0 +1,3 @@ + + + diff --git a/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/DomainSysvol/GPO/User/comment.cmtx b/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/DomainSysvol/GPO/User/comment.cmtx new file mode 100644 index 0000000..1e4e4d5 --- /dev/null +++ b/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/DomainSysvol/GPO/User/comment.cmtx @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file 
diff --git a/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/DomainSysvol/GPO/User/registry.pol b/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/DomainSysvol/GPO/User/registry.pol new file mode 100644 index 0000000..3fbffbe Binary files /dev/null and b/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/DomainSysvol/GPO/User/registry.pol differ diff --git a/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/bkupInfo.xml b/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/bkupInfo.xml new file mode 100644 index 0000000..b45e7b6 --- /dev/null +++ b/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/gpreport.xml b/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/gpreport.xml new file mode 100644 index 0000000..99221a9 Binary files /dev/null and b/PAW/GPO/{CC4086FF-885D-4788-86AC-A348C91923CA}/gpreport.xml differ diff --git a/PAW/GPO/{FA607D99-8C41-4373-B6A6-D3266E99C7F7}/Backup.xml b/PAW/GPO/{FA607D99-8C41-4373-B6A6-D3266E99C7F7}/Backup.xml new file mode 100644 index 0000000..7acfabe --- /dev/null +++ b/PAW/GPO/{FA607D99-8C41-4373-B6A6-D3266E99C7F7}/Backup.xml @@ -0,0 +1,20 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/PAW/GPO/{FA607D99-8C41-4373-B6A6-D3266E99C7F7}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/PAW/GPO/{FA607D99-8C41-4373-B6A6-D3266E99C7F7}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf new file mode 100644 index 0000000..fed3b05 Binary files /dev/null and b/PAW/GPO/{FA607D99-8C41-4373-B6A6-D3266E99C7F7}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf differ diff --git a/PAW/GPO/{FA607D99-8C41-4373-B6A6-D3266E99C7F7}/bkupInfo.xml b/PAW/GPO/{FA607D99-8C41-4373-B6A6-D3266E99C7F7}/bkupInfo.xml new file mode 100644 index 0000000..e45375f --- /dev/null +++ b/PAW/GPO/{FA607D99-8C41-4373-B6A6-D3266E99C7F7}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/PAW/GPO/{FA607D99-8C41-4373-B6A6-D3266E99C7F7}/gpreport.xml b/PAW/GPO/{FA607D99-8C41-4373-B6A6-D3266E99C7F7}/gpreport.xml new file mode 100644 index 0000000..d01b3fe Binary files /dev/null and b/PAW/GPO/{FA607D99-8C41-4373-B6A6-D3266E99C7F7}/gpreport.xml differ diff --git a/PAW/GPO/{FD46ED83-28F1-448B-B383-7FEA9D0D532A}/Backup.xml b/PAW/GPO/{FD46ED83-28F1-448B-B383-7FEA9D0D532A}/Backup.xml new file mode 100644 index 0000000..9bb3caa --- /dev/null +++ b/PAW/GPO/{FD46ED83-28F1-448B-B383-7FEA9D0D532A}/Backup.xml 
@@ -0,0 +1,20 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 3d e4 74 e6 5c 7d 4e ce 7a 13 02 0b 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/PAW/GPO/{FD46ED83-28F1-448B-B383-7FEA9D0D532A}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/PAW/GPO/{FD46ED83-28F1-448B-B383-7FEA9D0D532A}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf new file mode 100644 index 0000000..b5fc14e Binary files /dev/null and b/PAW/GPO/{FD46ED83-28F1-448B-B383-7FEA9D0D532A}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf differ diff --git a/PAW/GPO/{FD46ED83-28F1-448B-B383-7FEA9D0D532A}/bkupInfo.xml b/PAW/GPO/{FD46ED83-28F1-448B-B383-7FEA9D0D532A}/bkupInfo.xml new file mode 100644 index 0000000..1cba580 --- /dev/null +++ b/PAW/GPO/{FD46ED83-28F1-448B-B383-7FEA9D0D532A}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/PAW/GPO/{FD46ED83-28F1-448B-B383-7FEA9D0D532A}/gpreport.xml b/PAW/GPO/{FD46ED83-28F1-448B-B383-7FEA9D0D532A}/gpreport.xml new file mode 100644 index 0000000..9bfa908 Binary files /dev/null and b/PAW/GPO/{FD46ED83-28F1-448B-B383-7FEA9D0D532A}/gpreport.xml differ diff --git a/PAW/PAW_steps.ps1 b/PAW/PAW_steps.ps1 index 4733d7b..e71c52a 100644 --- a/PAW/PAW_steps.ps1 +++ b/PAW/PAW_steps.ps1 
@@ -1,69 +1,77 @@ Throw "this is not a robust file" $location = Get-Location -Set-Location C:\Tools\PAW +$dsnAME = (Get-ADDomain).DistinguishedName +$dNC = (Get-ADRootDSE).defaultNamingContext +$domain = $env:USERDNSDOMAIN +$ScriptsLocation = "C:\Tools\ADSecurity\PAW" +Set-Location $ScriptsLocation + +Import-Module ActiveDirectory #Region create Groups -$csv = Read-Host -Prompt "Please provide full path to Admin Groups csv file" -.\Create-Group.ps1 -CSVfile $csv -Verbose -$csv = Read-Host -Prompt "Please provide full path to Standard Groups csv file" -.\Create-Group.ps1 -CSVfile $csv -Verbose + $csv = Read-Host -Prompt "Please provide full path to Admin Groups csv file (without quotation marks)" + .$ScriptsLocation\Scripts\Create-Group.ps1 -CSVfile $csv -Verbose + $csv = Read-Host -Prompt "Please provide full path to Standard Groups csv file (without quotation marks)" + .$ScriptsLocation\Scripts\Create-Group.ps1 -CSVfile $csv -Verbose #endRegion #Region create Users -$csv = Read-Host -Prompt "Please provide full path to Users csv file" -.\Create-User.ps1 -CSVfile $csv -password zaq12WSXcde3 -Verbose + $csv = Read-Host -Prompt "Please provide full path to Users csv file (without quotation marks)" + .$ScriptsLocation\Scripts\Create-User.ps1 -CSVfile $csv -password zaq12WSXcde3 -Verbose #endRegion #region import GPO - Throw "Please update migration table file" - $BackupPath = Read-Host -Prompt "Please provide full path to GPO backups" - $GPOMigrationTable = Read-Host -Prompt "Please provide full path to GPO Migration Table" - .\Import-GPO.ps1 -BackupPath $BackupPath -GPOMigrationTable $GPOMigrationTable -Verbose - Set-Location C:\Tools\PAW - Write-Host "!!!!!!!!!!!!!!!! 
Please copy proxy.pac file to the Sysvol\Scripts\" -ForegroundColor Green + $backupPath = "$ScriptsLocation\GPO" + $migTable = "gpo_backup_" + $((Get-ADDOmain).NetBIOSName) + ".migtable" + $migTablePath = "$ScriptsLocation\Scripts\" + $migTable + Copy-Item -Path $ScriptsLocation\Scripts\gpo_backup.migtable -Destination $migTablePath + ((Get-Content -path $migTablePath -Raw) -replace 'CHANGEME', $dnsRoot )| Set-Content -Path $migTablePath + $gPOMigrationTable = (Get-ChildItem -Path "$ScriptsLocation\Scripts\" -Filter "$migTable").fullname + .$ScriptsLocation\Scripts\Import-GPO.ps1 -BackupPath $backupPath -GPOMigrationTable $gPOMigrationTable -Verbose + Set-Location $location #endregion #region Link gpo $GpoLinks = @( - $(New-Object PSObject -Property @{ Name = "Do Not Display Logon Information" ; OU = "OU=Devices,OU=Tier0,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Do Not Display Logon Information" ; OU = "OU=Tier0 Servers,OU=Tier0,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Do Not Display Logon Information" ; OU = "OU=Devices,OU=Tier1,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Do Not Display Logon Information" ; OU = "OU=Devices,OU=Tier2,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Do Not Display Logon Information" ; OU = "OU=Tier 1 Servers"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Do Not Display Logon Information" ; OU = "OU=Workstations"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Restrict Quarantine Logon" ; OU = "OU=Quarantine"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Tier0 Restrict Server Logon" ; OU = "OU=Devices,OU=Tier0,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Tier0 Restrict Server Logon" ; OU = "OU=Tier0 
Servers,OU=Tier0,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Tier1 Restrict Server Logon" ; OU = "OU=Devices,OU=Tier1,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Tier1 Restrict Server Logon" ; OU = "OU=Tier 1 Servers"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Tier2 Restrict Workstation Logon" ; OU = "OU=Devices,OU=Tier2,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Tier2 Restrict Workstation Logon" ; OU = "OU=Workstations"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Tier0 PAW Configuration - Computer" ; OU = "OU=Devices,OU=Tier0,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Tier0 PAW Configuration - User" ; OU = "OU=Accounts,OU=Tier0,OU=Admin"; Order = 1 ;LinkEnabled = 'No'}), - $(New-Object PSObject -Property @{ Name = "Tier0 PAW Configuration - User PAC" ; OU = "OU=Accounts,OU=Tier0,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Tier1 PAW Configuration - Computer" ; OU = "OU=Devices,OU=Tier1,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}), - $(New-Object PSObject -Property @{ Name = "Tier1 PAW Configuration - User" ; OU = "OU=Accounts,OU=Tier1,OU=Admin"; Order = 1 ;LinkEnabled = 'NO'}) - $(New-Object PSObject -Property @{ Name = "Tier1 PAW Configuration - User PAC" ; OU = "OU=Accounts,OU=Tier1,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}) + $(New-Object PSObject -Property @{ Name = "Do Not Display Logon Information" ; OU = "OU=Devices,OU=Tier0,OU=Admin"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Do Not Display Logon Information" ; OU = "OU=Devices,OU=Tier1,OU=Admin"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Do Not Display Logon Information" ; OU = "OU=Devices,OU=Tier2,OU=Admin"; Order = 1 ; 
LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Do Not Display Logon Information" ; OU = "OU=Tier 1 Servers"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Do Not Display Logon Information" ; OU = "OU=Workstations"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Restrict Quarantine Logon" ; OU = "OU=Quarantine"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Tier0 Restrict Server Logon" ; OU = "OU=Devices,OU=Tier0,OU=Admin"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Tier1 Restrict Server Logon" ; OU = "OU=Devices,OU=Tier1,OU=Admin"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Tier1 Restrict Server Logon" ; OU = "OU=Tier 1 Servers"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Tier2 Restrict Workstation Logon" ; OU = "OU=Devices,OU=Tier2,OU=Admin"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Tier2 Restrict Workstation Logon" ; OU = "OU=Workstations"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Tier0 PAW Configuration - Computer" ; OU = "OU=Devices,OU=Tier0,OU=Admin"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Tier0 PAW Configuration - User" ; OU = "OU=Accounts,OU=Tier0,OU=Admin"; Order = 1 ; LinkEnabled = 'No' }), + $(New-Object PSObject -Property @{ Name = "Tier0 PAW Configuration - User PAC" ; OU = "OU=Accounts,OU=Tier0,OU=Admin"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Tier1 PAW Configuration - Computer" ; OU = "OU=Devices,OU=Tier1,OU=Admin"; Order = 1 ; LinkEnabled = 'YES' }), + $(New-Object PSObject -Property @{ Name = "Tier1 PAW Configuration - User" ; OU = "OU=Accounts,OU=Tier1,OU=Admin"; Order = 1 ; LinkEnabled = 'NO' }) + $(New-Object PSObject -Property @{ Name = "Tier1 PAW 
Configuration - User PAC" ; OU = "OU=Accounts,OU=Tier1,OU=Admin"; Order = 1 ; LinkEnabled = 'YES' }) ) - .\Link-GpoToOU.ps1 -GpoLinks $GpoLinks -Verbose + .$ScriptsLocation\Scripts\Link-GpoToOU.ps1 -GpoLinks $GpoLinks -Verbose + Set-Location $location + dsa.msc gpmc.msc #endregion #region Setup Computer Objects - Get-ADComputer -Identity W10 | Move-ADObject -TargetPath "OU=Quarantine,DC=Azureblog,DC=pl" - Get-ADComputer -Identity SRV01 | Move-ADObject -TargetPath "OU=Devices,OU=Tier0,OU=Admin,DC=Azureblog,DC=pl" - Get-ADCOmputer -Identity W10 - Get-ADComputer -Identity SRV01 + Get-ADComputer -Identity vm-cl01-plc | Move-ADObject -TargetPath "OU=Quarantine,DC=Azureblog,DC=pl" + Get-ADComputer -Identity vm-srv01-plc | Move-ADObject -TargetPath "OU=Devices,OU=Tier0,OU=Admin,DC=Azureblog,DC=pl" + Get-ADCOmputer -Identity vm-cl01-plc + Get-ADComputer -Identity vm-srv01-plc #endregion -#region Tier0PAWUser on SRV01 +#region Tier0PAWUser on vm-srv01-plc whoami /groups net user testuser zaq12WSX /add [System.Net.WebProxy]::GetDefaultProxy() | select address #endregion -#region Tier0PAWMAintenancer on SRV01 +#region Tier0PAWMAintenancer on vm-srv01-plc whoami /groups net user testuser zaq12WSX /add net user testuser @@ -72,5 +80,3 @@ gpmc.msc #endregion Set-Location $location - - diff --git a/PAW/Reports/Do Not Display Logon Information.htm b/PAW/Reports/Do Not Display Logon Information.htm new file mode 100644 index 0000000..6c22032 Binary files /dev/null and b/PAW/Reports/Do Not Display Logon Information.htm differ diff --git a/PAW/Reports/Kerberos client support for claims.htm b/PAW/Reports/Kerberos client support for claims.htm new file mode 100644 index 0000000..e9ee847 Binary files /dev/null and b/PAW/Reports/Kerberos client support for claims.htm differ 
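Review bot: `$dnsRoot` in the migration-table rewrite (`-replace 'CHANGEME', $dnsRoot`) is never assigned anywhere in this hunk — the variables set at the top are `$dsnAME`, `$dNC` and `$domain` — so CHANGEME is replaced with an empty string and the copied migtable maps every destination to nothing before Import-GPO.ps1 consumes it. Presumably `$domain` (or `(Get-ADDomain).DNSRoot`, which Create-User.ps1 in the same commit uses) was intended; `$dsnAME` and `$dNC` are otherwise unused and could go. The added Create-User call still hands a fixed clear-text password over the command line, `-password zaq12WSXcde3`, where it lands in transcripts and shell history; reading it with `Read-Host -AsSecureString` and passing a SecureString through once Create-User.ps1 accepts one would keep it out of both. The second hunk (`@@ -72,5 +80,3 @@`) only trims trailing blank lines.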
diff --git a/PAW/Reports/Restrict Quarantine Logon.htm b/PAW/Reports/Restrict Quarantine Logon.htm
new file mode 100644
index 0000000..c19b319
Binary files /dev/null and b/PAW/Reports/Restrict Quarantine Logon.htm differ
diff --git a/PAW/Reports/Tier0 PAW Configuration - Computer.htm b/PAW/Reports/Tier0 PAW Configuration - Computer.htm
new file mode 100644
index 0000000..1f690a5
Binary files /dev/null and b/PAW/Reports/Tier0 PAW Configuration - Computer.htm differ
diff --git a/PAW/Reports/Tier0 PAW Configuration - User PAC.htm b/PAW/Reports/Tier0 PAW Configuration - User PAC.htm
new file mode 100644
index 0000000..8617d80
Binary files /dev/null and b/PAW/Reports/Tier0 PAW Configuration - User PAC.htm differ
diff --git a/PAW/Reports/Tier0 PAW Configuration - User.htm b/PAW/Reports/Tier0 PAW Configuration - User.htm
new file mode 100644
index 0000000..f35d96d
Binary files /dev/null and b/PAW/Reports/Tier0 PAW Configuration - User.htm differ
diff --git a/PAW/Reports/Tier0 Restrict Server Logon.htm b/PAW/Reports/Tier0 Restrict Server Logon.htm
new file mode 100644
index 0000000..87faf71
Binary files /dev/null and b/PAW/Reports/Tier0 Restrict Server Logon.htm differ
diff --git a/PAW/Reports/Tier1 PAW Configuration - Computer.htm b/PAW/Reports/Tier1 PAW Configuration - Computer.htm
new file mode 100644
index 0000000..9021b18
Binary files /dev/null and b/PAW/Reports/Tier1 PAW Configuration - Computer.htm differ
diff --git a/PAW/Reports/Tier1 PAW Configuration - User PAC.htm b/PAW/Reports/Tier1 PAW Configuration - User PAC.htm
new file mode 100644
index 0000000..6aecfc0
Binary files /dev/null and b/PAW/Reports/Tier1 PAW Configuration - User PAC.htm differ
diff --git a/PAW/Reports/Tier1 PAW Configuration - User.htm b/PAW/Reports/Tier1 PAW Configuration - User.htm
new file mode 100644
index 0000000..1498b21
Binary files /dev/null and b/PAW/Reports/Tier1 PAW Configuration - User.htm differ
diff --git a/PAW/Reports/Tier1 Restrict Server Logon.htm b/PAW/Reports/Tier1 Restrict Server Logon.htm
new file mode 100644
index 0000000..90c9cc3
Binary files /dev/null and b/PAW/Reports/Tier1 Restrict Server Logon.htm differ
diff --git a/PAW/Reports/Tier2 Restrict Workstation Logon.htm b/PAW/Reports/Tier2 Restrict Workstation Logon.htm
new file mode 100644
index 0000000..bc92180
Binary files /dev/null and b/PAW/Reports/Tier2 Restrict Workstation Logon.htm differ
diff --git a/PAW/Scripts/Create-Group.ps1 b/PAW/Scripts/Create-Group.ps1
new file mode 100644
index 0000000..94afb01
--- /dev/null
+++ b/PAW/Scripts/Create-Group.ps1
@@ -0,0 +1,40 @@ +<# + .Example + $csv = Read-Host -Prompt "Please provide full path to Groups csv file" + .\Create-Group.ps1 -CSVfile $csv -Verbose + PS C:\Tools> $csv = Read-Host -Prompt "Please provide full path to Groups csv file" + Please provide full path to Groups csv file: c:\tools\groups.csv + PS C:\Tools> .\Create-Group.ps1 -CSVfile $csv -Verbose + VERBOSE: Creating new Group 'Tier0ReplicationMaintenance' under 'OU=Groups,OU=Tier0,OU=Admin,DC=azureblog,DC=pl' + VERBOSE: Creating new Group 'Tier1ServerMaintenance' under 'OU=Groups,OU=Tier1,OU=Admin,DC=azureblog,DC=pl' + VERBOSE: Creating new Group 'ServiceDeskOperators' under 'OU=Groups,OU=Tier2,OU=Admin,DC=azureblog,DC=pl' + VERBOSE: Creating new Group 'WorkstationMaintenance' under 'OU=Groups,OU=Tier2,OU=Admin,DC=azureblog,DC=pl' + VERBOSE: Group 'tier1admins'already exists. + VERBOSE: Group 'tier2admins'already exists. +#> + +[CmdletBinding()] +param( + [string] $CSVfile +) +$dNC = (Get-ADRootDSE).defaultNamingContext +$groups = Import-Csv $CSVfile +foreach ($group in $groups) { + $groupName = $group.Name + $groupOUPrefix = $group.OU + $destOU = $group.OU + "," + $dNC + $groupDN = "CN=" + $groupName + "," + $destOU + $checkForGroup = Get-ADGroup -filter 'Name -eq $groupName' -ErrorAction SilentlyContinue + If ($checkForGroup.count -eq 0 ) { + Write-Verbose "Creating new Group '$($Group.samAccountName)' under '$destOU'" + New-ADGroup -Name $Group.Name -SamAccountName $Group.samAccountName -GroupCategory $Group.GroupCategory -GroupScope $Group.GroupScope -DisplayName $Group.DisplayName -Path $destOU -Description $Group.Description + If ($Group.Membership -ne "") { + Write-Verbose "Adding Group Membership '$($Group.Membership)' for group '$($Group.samAccountName)'" + Add-ADPrincipalGroupMembership -Identity $Group.samAccountName -MemberOf $Group.Membership + } + $error.Clear() + } + Else { + Write-Verbose "Group '$($Group.samAccountName)'already exists." + } +} 
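Review bot: `If ($Group.Membership -ne "")` is true when the CSV has no Membership column at all (`$null -ne ""` holds in PowerShell), so `Add-ADPrincipalGroupMembership` is then called with an empty `-MemberOf` and errors; `If (-not [string]::IsNullOrEmpty($Group.Membership))` covers both the missing and the blank case. The column is also passed to `-MemberOf` as a single value, whereas Create-User.ps1 in the same commit splits its GroupMembership column on ',' — the two CSV formats should follow one convention. `$groupOUPrefix` and `$groupDN` are computed and never used, and the `$error.Clear()` after a successful create deserves a one-line comment on why it is there, since it also hides earlier errors from anyone inspecting `$error` after the run.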
diff --git a/PAW/Scripts/Create-User.ps1 b/PAW/Scripts/Create-User.ps1 new file mode 100644 index 0000000..d13a76f --- /dev/null +++ b/PAW/Scripts/Create-User.ps1 @@ -0,0 +1,40 @@ +<# + .Example + $csv = Read-Host -Prompt "Please provide full path to Groups csv file" + .\Create-User.ps1 -CSVfile $csv -Password zaq12WSXcde3 -Verbose + +#> + +[CmdletBinding()] +param( + [Parameter(Mandatory=$True)][string] $CSVfile, + [Parameter(Mandatory=$True)][string] $Password +) +$DNSRoot = (Get-ADDomain).DNSRoot +$DSN = (Get-ADDomain).DistinguishedName +$users = Import-Csv $CSVfile +foreach ($user in $users) { + $name = $user.name + $samAccountName = $user.samAccountName + $UserPrincipalName = $samAccountName + '@' + $DNSRoot + $parentOU = $user.ParentOU + ',' + $DSN + $groupMembership = $user.GroupMembership + $enabled = [bool]$user.enabled + $checkForUser = [bool]( Get-ADUSer -Filter {SamAccountname -eq $samaccountname}) + If ($checkForUser -eq $false) { + Write-Verbose "Creating new user '$samAccountName' under '$parentOU'" + New-ADUser -Name $name -Path $ParentOU -SamAccountName $samAccountName -UserPrincipalName $UserPrincipalName -AccountPassword (ConvertTo-SecureString $password -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $enabled -EmailAddress $UserPrincipalName + start-sleep -Seconds 5 + if ($groupMembership -ne "") { + $groupMembership = ($user.GroupMembership) -split ',' + foreach ($group in $groupMembership){ + Write-Verbose "Adding User '$samAccountName' to Group '$group'" + Add-ADGroupMember -Identity $group -Members $samAccountName + } + } + $error.Clear() + } + Else { + Write-Verbose "User '$samAccountName' already exists." + } +} diff --git a/PAW/Scripts/Import-GPO.ps1 b/PAW/Scripts/Import-GPO.ps1 new file mode 100644 index 0000000..624e346 --- /dev/null +++ b/PAW/Scripts/Import-GPO.ps1 
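Review bot: `$enabled = [bool]$user.enabled` can never disable an account, because casting a non-empty string to [bool] is always $true, so a CSV value of `false` still produces `-Enabled $true`; parse it explicitly, e.g. `$enabled = [System.Convert]::ToBoolean($user.enabled)`. Separately, every user in the CSV is created with the same `$Password`, which arrives as a clear-text `[string]` parameter, and `-ChangePasswordAtLogon $false` leaves that shared initial password valid after provisioning; declaring the parameter as `[SecureString]` and setting `-ChangePasswordAtLogon $true` for the interactive accounts limits how long one known value opens every account. The `start-sleep -Seconds 5` per user would benefit from a one-line comment on what it waits for (replication before the group add, presumably).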
@@ -0,0 +1,36 @@
+<#
+ .Example
+ $BackupPath = Read-Host -Prompt "Please provide full path to GPO backups"
+ .\Import-GPO.ps1 -BackupPath $BackupPath -Verbose
+
+#>
+
+[CmdletBinding()]
+param(
+ [Parameter(Mandatory = $True)][string] $BackupPath,
+ [string] $GPOMigrationTable
+)
+
+$backupList = Get-ChildItem -Path $BackupPath -Exclude "manifest.xml"
+Set-Location $BackupPath
+$location = Get-Location
+foreach ($item in $backupList){
+ $backupID = $null
+ $xmlFilePath = $null
+ $gpoName = $null
+ $backupID = $item.name -replace "{","" -replace "}",""
+ $xmlFilePath = ".\$($item.name)\gpreport.xml"
+ [xml]$xmlFile = Get-Content -Path $xmlFilePath
+ $gpoName = $xmlFile.GPO.Name
+ Write-Host "Importing new GPO '$gpoName' with GUID '$backupID'" -ForegroundColor Green
+ Write-Host "Please remember to update proper groups in GPO settings" -ForegroundColor Green
+ if ($GPOMigrationTable -eq "") {
+ Write-Verbose 'Import-GPO -BackupId $backupID -TargetName $gpoName -Path $BackupPath -CreateIfNeeded'
+ Import-GPO -BackupId $backupID -TargetName $gpoName -Path $BackupPath -CreateIfNeeded
+ }
+ else {
+ Write-Verbose 'Import-GPO -BackupId $backupID -TargetName $gpoName -Path $BackupPath -MigrationTable $GPOMigrationTable -CreateIfNeeded'
+ Import-GPO -BackupId $backupID -TargetName $gpoName -Path $BackupPath -MigrationTable $GPOMigrationTable -CreateIfNeeded
+ }
+ Set-Location $location
+}
\ No newline at end of file
diff --git a/PAW/Scripts/Link-GpoToOU.ps1 b/PAW/Scripts/Link-GpoToOU.ps1
new file mode 100644
index 0000000..f710fa5
--- /dev/null
+++ b/PAW/Scripts/Link-GpoToOU.ps1
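Review bot: `$location = Get-Location` runs after `Set-Location $BackupPath`, so it records the backup directory rather than the caller's directory; the `Set-Location $location` inside the foreach is therefore a no-op and the script exits leaving the caller's session sitting in `$BackupPath`. Swap the two lines if the restore is wanted, or better drop the directory change entirely and build the report path from the item, `$xmlFilePath = Join-Path $item.FullName 'gpreport.xml'`, since Import-GPO already receives `-Path $BackupPath` as an absolute path. `Get-ChildItem -Exclude "manifest.xml"` also returns any loose file in the backup root, so `-Directory` would keep the loop to backup folders. The single-quoted Write-Verbose strings print the literal `$backupID`/`$gpoName` names rather than their values, which is not useful as a record of what was imported.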
@@ -0,0 +1,31 @@
+<#
+ .EXAMPLE
+ $GpoLinks = @(
+ $(New-Object PSObject -Property @{ Name = "POLICYNAME" ; OU = "OUPATH"; Order = 1; LinkEnabled = 'YES'}),
+ )
+ .\Link-GpoToOU.ps1 -GpoLinks $GpoLinks -Verbose
+#>
+
+
+[CmdletBinding()]
+param(
+ [Parameter(Mandatory = $True)][PSObject] $GpoLinks
+)
+Import-Module ActiveDirectory
+$DC = (Get-ADDomain).DistinguishedName
+
+$GpoLinks | foreach-Object {
+ $name = $_.Name
+ $OU = $_.ou
+ $order = $_.Order
+ $LinkEnabled = $_.LinkEnabled
+ if ($OU -eq "") {
+
+ $ouPath = $DC
+ }
+ else {
+ $ouPath = "$OU,$DC"
+ }
+ Write-Verbose "Linking GPO '$name' into OU '$ouPath'"
+ New-GPLink -Name $name -Target $ouPath -LinkEnabled $LinkEnabled -Order $order
+}
diff --git a/PAW/Scripts/gpo_backup.migtable b/PAW/Scripts/gpo_backup.migtable
new file mode 100644
index 0000000..162de06
Binary files /dev/null and b/PAW/Scripts/gpo_backup.migtable differ
diff --git a/PAW/Scripts/proxy.pac b/PAW/Scripts/proxy.pac
new file mode 100644
index 0000000..7660af1
--- /dev/null
+++ b/PAW/Scripts/proxy.pac
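Review bot: The .EXAMPLE block is not valid PowerShell: the array literal `@( $(New-Object ...), )` ends with a trailing comma, which the parser rejects, so anyone who pastes it gets a syntax error; remove the comma after the inner `)`. In the body, `if ($OU -eq "")` treats only an empty string as "link at the domain root"; an input object without an OU property yields `$null`, which is not `-eq ""`, and the else branch then builds a target of `",DC=..."`, so `if ([string]::IsNullOrEmpty($OU))` is the safer test. As far as I recall New-GPLink errors when the link already exists, so if re-runs are expected that should either be handled or stated in a comment.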
@@ -0,0 +1,52 @@
+function FindProxyForURL(url, host) {
+
+if (shExpMatch(host, "*.aspnetcdn.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.aadrm.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.appex.bing.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.appex-rf.msn.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.assets-yammer.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.azure.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.azurecomcdn.net")) { return "DIRECT"; }
+if (shExpMatch(host, "*.cloudappsecurity.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.c.bing.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.gfx.ms")) { return "DIRECT"; }
+if (shExpMatch(host, "*.live.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.live.net")) { return "DIRECT"; }
+if (shExpMatch(host, "*.lync.com")) { return "DIRECT"; }
+if (shExpMatch(host, "maodatafeedsservice.cloudapp.net")) { return "DIRECT"; }
+if (shExpMatch(host, "*.microsoft.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.microsoftonline.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.microsoftonline-p.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.microsoftonline-p.net")) { return "DIRECT"; }
+if (shExpMatch(host, "*.microsoftonlineimages.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.microsoftonlinesupport.net")) { return "DIRECT"; }
+if (shExpMatch(host, "ms.tific.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.msecnd.net")) { return "DIRECT"; }
+if (shExpMatch(host, "*.msedge.net")) { return "DIRECT"; }
+if (shExpMatch(host, "*.msft.net")) { return "DIRECT"; }
+if (shExpMatch(host, "*.msocdn.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.onenote.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.outlook.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.office365.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.office.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.office.net")) { return "DIRECT"; }
+if (shExpMatch(host, "*.onmicrosoft.com")) { return "DIRECT"; }
+if (shExpMatch(host, "partnerservices.getmicrosoftkey.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.passport.net")) { return "DIRECT"; }
+if (shExpMatch(host, "*.phonefactor.net")) { return "DIRECT"; }
+if (shExpMatch(host, "*.s-microsoft.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.s-msn.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.sharepoint.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.sharepointonline.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.s-msn.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.symcb.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.yammer.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.yammerusercontent.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.verisign.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.windows.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.windows.net")) { return "DIRECT"; }
+if (shExpMatch(host, "*.windowsazure.com")) { return "DIRECT"; }
+if (shExpMatch(host, "*.windowsupdate.com")) { return "DIRECT"; }
+
+return "PROXY 127.0.0.2:8080";
+}
\ No newline at end of file
diff --git a/Tiering/DomainOUs.csv b/Tiering/DomainOUs.csv
new file mode 100644
index 0000000..85f53a5
--- /dev/null
+++ b/Tiering/DomainOUs.csv
@@ -0,0 +1,38 @@
+Name,ParentOU
+Admin,
+Groups,
+Tier 1 Servers,
+Workstations,
+User Accounts,
+Quarantine,
+Tier0,ou=Admin
+Tier1,ou=Admin
+Tier2,ou=Admin
+Accounts,"ou=Tier0,ou=Admin"
+Groups,"ou=Tier0,ou=Admin"
+Service Accounts,"ou=Tier0,ou=Admin"
+Devices,"ou=Tier0,ou=Admin"
+Tier0 Servers,"ou=Tier0,ou=Admin"
+Synchronisation,"ou=Tier0 Servers,ou=Tier0,ou=Admin"
+Accounts,"ou=Tier1,ou=Admin"
+Groups,"ou=Tier1,ou=Admin"
+Service Accounts,"ou=Tier1,ou=Admin"
+Devices,"ou=Tier1,ou=Admin"
+Accounts,"ou=Tier2,ou=Admin"
+Groups,"ou=Tier2,ou=Admin"
+Service Accounts,"ou=Tier2,ou=Admin"
+Devices,"ou=Tier2,ou=Admin"
+Security Groups,ou=Groups
+Distribution Groups,ou=Groups
+Contacts,ou=Groups
+Application,ou=Tier 1 Servers
+Collaboration,ou=Tier 1 Servers
+Database,ou=Tier 1 Servers
+Messaging,ou=Tier 1 Servers
+Staging,ou=Tier 1 Servers
+Desktops,ou=Workstations
+Kiosks,ou=Workstations
+Laptops,ou=Workstations
+Staging,ou=Workstations
+Enabled Users,ou=User Accounts
+Disabled Users,ou=User Accounts
diff --git a/Tiering/Scripts/Create-Group.ps1 b/Tiering/Scripts/Create-Group.ps1
new file mode 100644
index 0000000..791f4ab
--- /dev/null
+++ b/Tiering/Scripts/Create-Group.ps1
@@ -0,0 +1,42 @@ +<# + .Example + $csv = Read-Host -Prompt "Please provide full path to Groups csv file" + .\Create-Group.ps1 -CSVfile $csv -Verbose + PS C:\Tools> $csv = Read-Host -Prompt "Please provide full path to Groups csv file" + Please provide full path to Groups csv file: c:\tools\groups.csv + PS C:\Tools> .\Create-Group.ps1 -CSVfile $csv -Verbose + VERBOSE: Creating new Group 'Tier0ReplicationMaintenance' under 'OU=Groups,OU=Tier0,OU=Admin,DC=azureblog,DC=pl' + VERBOSE: Creating new Group 'Tier1ServerMaintenance' under 'OU=Groups,OU=Tier1,OU=Admin,DC=azureblog,DC=pl' + VERBOSE: Creating new Group 'ServiceDeskOperators' under 'OU=Groups,OU=Tier2,OU=Admin,DC=azureblog,DC=pl' + VERBOSE: Creating new Group 'WorkstationMaintenance' under 'OU=Groups,OU=Tier2,OU=Admin,DC=azureblog,DC=pl' + VERBOSE: Group 'tier1admins'already exists. + VERBOSE: Group 'tier2admins'already exists. +#> + +[CmdletBinding()] +param( + [parameter(Mandatory = $true)][string] $CSVfile +) +$dNC = (Get-ADRootDSE).defaultNamingContext +$groups = Import-Csv $CSVfile +foreach ($group in $groups) { + $groupName = $group.Name + $groupOUPrefix = $group.OU + $destOU = $group.OU + "," + $dNC + $groupDN = "CN=" + $groupName + "," + $destOU + $checkForGroup = Get-ADGroup -filter 'Name -eq $groupName' -ErrorAction SilentlyContinue + If ($checkForGroup.count -eq 0 ) { + Write-Host "Creating new Group '$($Group.samAccountName)' under '$destOU'" -ForegroundColor Green + Write-Verbose 'New-ADGroup -Name $Group.Name -SamAccountName $Group.samAccountName -GroupCategory $Group.GroupCategory -GroupScope $Group.GroupScope -DisplayName $Group.DisplayName -Path $destOU -Description $Group.Description' + New-ADGroup -Name $Group.Name -SamAccountName $Group.samAccountName -GroupCategory $Group.GroupCategory -GroupScope $Group.GroupScope -DisplayName $Group.DisplayName -Path $destOU -Description $Group.Description + If ($Group.Membership -ne "") { + Write-Host "Adding Group Membership '$($Group.Membership)' for 
group '$($Group.samAccountName)'" -foreground Green + Write-Verbose 'Add-ADPrincipalGroupMembership -Identity $Group.samAccountName -MemberOf $Group.Membership' + Add-ADPrincipalGroupMembership -Identity $Group.samAccountName -MemberOf $Group.Membership + } + $error.Clear() + } + Else { + Write-Host "Group '$($Group.samAccountName)'already exists." -ForegroundColor Yellow + } +} diff --git a/Tiering/Scripts/Create-OU.ps1 b/Tiering/Scripts/Create-OU.ps1 new file mode 100644 index 0000000..0595989 --- /dev/null +++ b/Tiering/Scripts/Create-OU.ps1 
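Review bot: The `Write-Verbose 'New-ADGroup -Name $Group.Name ...'` and `Write-Verbose 'Add-ADPrincipalGroupMembership ...'` lines are single-quoted, so the verbose stream shows the variable names rather than their values and prints the identical template for every CSV row; the Write-Host lines just above already carry the real values, so as written the verbose lines add nothing to the audit trail. If the intent is to log the command actually executed, use double quotes with subexpressions, e.g. `Write-Verbose "New-ADGroup -Name '$($Group.Name)' -SamAccountName '$($Group.samAccountName)' -Path '$destOU'"`. The same literal-template pattern is used in the hunks for Import-GPO.ps1, Create-OU.ps1 and every Set-OU*Permissions.ps1 script. The message `"Group '$($Group.samAccountName)'already exists."` is also missing the space before `already`.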
@@ -0,0 +1,59 @@ +<# + .Example + Atempt to create OU that not exists in the desired path + $OUs = @( + $(New-Object PSObject -Property @{Name = "Desktops"; ParentOU = "ou=Workstations" }), + $(New-Object PSObject -Property @{Name = "Kiosks"; ParentOU = "ou=Workstations" }), + $(New-Object PSObject -Property @{Name = "Laptops"; ParentOU = "ou=Workstations" }), + $(New-Object PSObject -Property @{Name = "Staging"; ParentOU = "ou=Workstations" }) + ) + .\Create-OU.ps1 -OUs $OUs -Verbose + PS C:\Tools> .\Create-OU.ps1 -OUs $OUs -Verbose + VERBOSE: Creating new OU 'OU=Desktops,ou=Workstations,DC=azureblog,DC=pl' + VERBOSE: Creating new OU 'OU=Kiosks,ou=Workstations,DC=azureblog,DC=pl' + VERBOSE: Creating new OU 'OU=Laptops,ou=Workstations,DC=azureblog,DC=pl' + VERBOSE: Creating new OU 'OU=Staging,ou=Workstations,DC=azureblog,DC=pl' + .Example + Atempt to create OU that already exists in the desired path + $OUs = @( + $(New-Object PSObject -Property @{Name = "Desktops"; ParentOU = "ou=Workstations" }), + $(New-Object PSObject -Property @{Name = "Kiosks"; ParentOU = "ou=Workstations" }), + $(New-Object PSObject -Property @{Name = "Laptops"; ParentOU = "ou=Workstations" }), + $(New-Object PSObject -Property @{Name = "Staging"; ParentOU = "ou=Workstations" }) + ) + .\Create-OU.ps1 -OUs $OUs -Verbose + PS C:\Tools> .\Create-OU.ps1 -OUs $OUs -Verbose + VERBOSE: OU 'Desktops' already exists under 'ou=Workstations,DC=azureblog,DC=pl' + VERBOSE: OU 'Kiosks' already exists under 'ou=Workstations,DC=azureblog,DC=pl' + VERBOSE: OU 'Laptops' already exists under 'ou=Workstations,DC=azureblog,DC=pl' + VERBOSE: OU 'Staging' already exists under 'ou=Workstations,DC=azureblog,DC=pl +#> + +[CmdletBinding()] +param( + [parameter(Mandatory = $true)][PSObject] $OUs +) +$dNC = (Get-ADRootDSE).defaultNamingContext +$OUs | ForEach-Object { + $name = $_.Name + $parentOU = $_.ParentOU + + if ($ParentOU -eq '') { + $ouPath = "$dNC" + $testOUpath = "OU=$name,$dNC" + } + else { + $ouPath = 
"$parentOU,$dNC" + $testOUPath = "OU=$name,$parentOU,$dNC" + } + + $OUTest = (Get-ADOrganizationalUnit -Filter 'DistinguishedName -like $testOUpath' | Measure-Object).Count + if ($OUtest -eq 0) { + Write-Host "Creating new OU '$testOUPath'" -ForegroundColor Green + Write-Verbose 'New-ADOrganizationalUnit -Name $name -Path $OUPath -ProtectedFromAccidentalDeletion:$true' + New-ADOrganizationalUnit -Name $name -Path $OUPath -ProtectedFromAccidentalDeletion:$true + } + else { + Write-Host "OU '$name' already exists under '$ouPath'" -ForegroundColor Yellow + } +} diff --git a/Tiering/Scripts/Set-OUComputerPermissions.ps1 b/Tiering/Scripts/Set-OUComputerPermissions.ps1 new file mode 100644 index 0000000..dc778dc --- /dev/null +++ b/Tiering/Scripts/Set-OUComputerPermissions.ps1 
@@ -0,0 +1,37 @@
+<#
+ .Example
+ $List = @(
+ $(New-Object PSObject -Property @{Group = "WorkstationMaintenance"; OUPrefix = "OU=Computer Quarantine"}),
+ $(New-Object PSObject -Property @{Group = "WorkstationMaintenance"; OUPrefix = "OU=Workstations"}),
+ $(New-Object PSObject -Property @{Group = "PAWMaint"; OUPrefix = "OU=Devices,OU=Tier 0,OU=Admin"}),
+ $(New-Object PSObject -Property @{Group = "Tier1ServerMaintenance"; OUPrefix = "OU=Tier 1 Servers"})
+ )
+ .\Set-OUComputerPermissions.ps1 -list $list -Verbose
+
+#>
+
+[CmdletBinding()]
+param(
+ [Parameter(Mandatory = $True)][PSOBject] $List
+)
+Import-Module ActiveDirectory
+
+$rootdse = Get-ADRootDSE
+$domain = Get-ADDomain
+$guidmap = @{ }
+Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties lDAPDisplayName, schemaIDGUID | ForEach-Object { $guidmap[$_.lDAPDisplayName] = [System.GUID]$_.schemaIDGUID }
+
+$List | ForEach-Object {
+ $ouPrefix = $_.OUPrefix
+ $Group = $_.Group
+ $ouPath = "$OUPrefix,$($domain.DistinguishedName)"
+ $ou = Get-ADOrganizationalUnit -Identity $OUPAth
+ $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $Group).SID
+ $acl = Get-ACL -Path "AD:$($ou.DistinguishedName)"
+ $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "CreateChild,DeleteChild", "Allow", $guidmap["Computer"], "All"))
+ $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", "Descendents", $guidmap["Computer"]))
+ $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "WriteProperty", "Allow", "Descendents", $guidmap["Computer"]))
+ Write-Host "Configuring Computer Permissions on '$ouPath' for group '$Group'" -ForegroundColor Green
+ Write-Verbose 'Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))'
+ Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))
+}
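Review bot: The second and third ACEs grant `ReadProperty` and `WriteProperty` with no attribute GUID, i.e. on every attribute of every descendant computer object, which is far wider than the named maintenance task; if that deliberately follows the Microsoft tiering delegation pattern it should be recorded in the .Example block, otherwise the rules should name the attributes, as the BitLocker/TPM rules in Set-OUWorkstationPermissions.ps1 do. The same all-attribute `WriteProperty` grant appears in the hunks for Set-OUGroupPermissions.ps1, Set-OUUserPermissions.ps1 and Set-OUWorkstationPermissions.ps1. `$ou = Get-ADOrganizationalUnit -Identity $OUPAth` has no `-ErrorAction Stop`, so a mistyped OUPrefix leaves `$ou` null and the following `Get-ACL -Path "AD:$($ou.DistinguishedName)"` no longer addresses the intended container. Re-running the script relies on AddAccessRule merging an identical existing ACE (as far as I recall it does), which deserves a comment at that line: `# AddAccessRule merges an identical ACE, so re-runs do not duplicate rules`.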
diff --git a/Tiering/Scripts/Set-OUGPOPermissions.ps1 b/Tiering/Scripts/Set-OUGPOPermissions.ps1
new file mode 100644
index 0000000..12d40c5
--- /dev/null
+++ b/Tiering/Scripts/Set-OUGPOPermissions.ps1
@@ -0,0 +1,36 @@
+<#
+
+ .Example
+ $List = @(
+ $(New-Object PSObject -Property @{Group = "Tier1ServerMaintenance"; OUPrefix = "OU=Tier 1 Servers"})
+ )
+ .\Set-OUGPOPermissions.ps1 -list $list -Verbose
+
+#>
+
+[CmdletBinding()]
+param(
+ [Parameter(Mandatory = $True)][PSOBject] $List
+)
+Import-Module ActiveDirectory
+
+$rootdse = Get-ADRootDSE
+$domain = Get-ADDomain
+$guidmap = @{ }
+Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties lDAPDisplayName, schemaIDGUID | ForEach-Object { $guidmap[$_.lDAPDisplayName] = [System.GUID]$_.schemaIDGUID }
+$extendedrightsmap = @{ }
+Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter "(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties displayName, rightsGuid | ForEach-Object { $extendedrightsmap[$_.displayName] = [System.GUID]$_.rightsGuid }
+
+$List | ForEach-Object {
+ $ouPrefix = $_.OUPrefix
+ $Group = $_.Group
+ $ouPath = "$OUPrefix,$($domain.DistinguishedName)"
+ $ou = Get-ADOrganizationalUnit -Identity $OUPAth
+ $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $Group).SID
+ $acl = Get-ACL -Path "AD:$($ou.DistinguishedName)"
+ $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty,WriteProperty", "Allow", $guidmap["gplink"], "All"))
+ $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", $guidmap["gpoptions"], "All"))
+ Write-Host "Configuring GPO Permissions on '$ouPath' for group '$Group'" -ForegroundColor Green
+ Write-Verbose 'Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))'
+ Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))
+}
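Review bot: `$extendedrightsmap` is populated with a full query of the configuration partition but never read in this script, so the query is wasted work and a reader hunts for a use that does not exist; delete the two `$extendedrightsmap` lines (the Set-OUGroupPermissions.ps1 hunk builds the same unused map). The ACEs grant `ReadProperty,WriteProperty` on `gPLink` but only `ReadProperty` on `gPOptions`; if the group is meant to manage links fully, write access to gPOptions (the block-inheritance flag) is normally delegated alongside gPLink, so confirm which was intended and state it in the .Example block. As in the other Set-OU* scripts, `Get-ADOrganizationalUnit -Identity $OUPAth` and `Get-ADGroup -Identity $Group` run without `-ErrorAction Stop`, so a bad list entry does not abort before Set-ACL.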
diff --git a/Tiering/Scripts/Set-OUGroupPermissions.ps1 b/Tiering/Scripts/Set-OUGroupPermissions.ps1 new file mode 100644 index 0000000..eaa6519 --- /dev/null +++ b/Tiering/Scripts/Set-OUGroupPermissions.ps1 
@@ -0,0 +1,36 @@
+<#
+ .Example
+ $List = @(
+ $(New-Object PSObject -Property @{Group = "Tier1Admins"; OUPrefix = "OU=Groups,ou=Tier1,ou=Admin"})
+ )
+ .\Set-OUGroupPermissions.ps1 -list $list -Verbose
+#>
+
+[CmdletBinding()]
+param(
+ [Parameter(Mandatory = $True)][PSOBject] $List
+
+)
+Import-Module ActiveDirectory
+
+$rootdse = Get-ADRootDSE
+$domain = Get-ADDomain
+$guidmap = @{ }
+Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties lDAPDisplayName, schemaIDGUID | ForEach-Object { $guidmap[$_.lDAPDisplayName] = [System.GUID]$_.schemaIDGUID }
+$extendedrightsmap = @{ }
+Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter "(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties displayName, rightsGuid | ForEach-Object { $extendedrightsmap[$_.displayName] = [System.GUID]$_.rightsGuid }
+
+$List | ForEach-Object {
+ $ouPrefix = $_.OUPrefix
+ $Group = $_.Group
+ $ouPath = "$OUPrefix,$($domain.DistinguishedName)"
+ $ou = Get-ADOrganizationalUnit -Identity $OUPAth
+ $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $Group).SID
+ $acl = Get-ACL -Path "AD:$($ou.DistinguishedName)"
+ $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "CreateChild", "Allow", $guidmap["group"], "ALL"))
+ $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", "Descendents", $guidmap["group"]))
+ $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "WriteProperty", "Allow", "Descendents", $guidmap["group"]))
+ Write-Host "Configuring Group Permissions on '$ouPath' for group '$Group'" -ForegroundColor Green
+ Write-Verbose 'Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))'
+ Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))
+}
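Review bot: The first ACE grants only `CreateChild` for group objects, whereas Set-OUComputerPermissions.ps1 grants `CreateChild,DeleteChild` for computers; with this script the delegated group can create groups in the OU but never remove them, which is either intentional least privilege or an omission, so either add DeleteChild or state the asymmetry in the .Example block. The inheritance argument is spelled `"ALL"` here and `"All"` in the sibling scripts; both parse, but one spelling is easier to grep for. The blank line inside `param(` is harmless but looks like a deleted parameter.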
diff --git a/Tiering/Scripts/Set-OUReplicationPermissions.ps1 b/Tiering/Scripts/Set-OUReplicationPermissions.ps1 new file mode 100644 index 0000000..327bb35 --- /dev/null +++ b/Tiering/Scripts/Set-OUReplicationPermissions.ps1 
@@ -0,0 +1,47 @@ +<# + .Example + $List = @( + $(New-Object PSObject -Property @{Group = "Tier0ReplicationMaintenance"; OUPrefix = "" }) + ) + .\Set-OUReplicationPermissions.ps1 -list $list -Verbose +#> + +[CmdletBinding()] +param( + [Parameter(Mandatory = $True)][PSOBject] $List + +) +Import-Module ActiveDirectory + +$rootdse = Get-ADRootDSE +$domain = Get-ADDomain +$guidmap = @{ } +Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties lDAPDisplayName, schemaIDGUID | ForEach-Object { $guidmap[$_.lDAPDisplayName] = [System.GUID]$_.schemaIDGUID } +$extendedrightsmap = @{ } +Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter "(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties displayName, rightsGuid | ForEach-Object { $extendedrightsmap[$_.displayName] = [System.GUID]$_.rightsGuid } + +$location = Get-Location +Set-Location AD: +$configCN = $rootdse.ConfigurationNamingContext +$schemaNC = $rootdse.SchemaNamingContext +$forestDnsZonesDN = "DC=ForestDnsZones," + $rootdse.RootDomainNamingContext +$sitesDN = "CN=Sites," + $configCN +$config = @($configCN, $schemaNC, $forestDnsZonesDN, $sitesDN) +$List | ForEach-Object { + $group = $_.Group + $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $group).SID + foreach ($configEntry in $config) { + $acl = Get-ACL -Path($configEntry) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ExtendedRight", "Allow", $extendedrightsmap["Manage Replication Topology"], "Descendents")) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ExtendedRight", "Allow", $extendedrightsmap["Replicating Directory Changes"], "Descendents")) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ExtendedRight", "Allow", $extendedrightsmap["Replicating Directory Changes All"], "Descendents")) + 
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ExtendedRight", "Allow", $extendedrightsmap["Replication Synchronization"], "Descendents")) + if ($configEntry -like "CN=Configuration*" -or $configEntry -like "CN=Schema*") { + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ExtendedRight", "Allow", $extendedrightsmap["Monitor active directory Replication"], "Descendents")) + } + Write-Host "Configuring Replication Maintenance Role Delegation on '$configEntry' for group '$group'" -ForegroundColor Green + Write-Verbose 'Set-ACL -ACLObject $acl -Path ("AD:\" + ($domain.DistinguishedName))' + Set-ACL -ACLObject $acl -Path ("AD:\" + ($domain.DistinguishedName)) + } +} +Set-Location $Location diff --git a/Tiering/Scripts/Set-OUUserPermissions.ps1 b/Tiering/Scripts/Set-OUUserPermissions.ps1 new file mode 100644 index 0000000..623e0e7 --- /dev/null +++ b/Tiering/Scripts/Set-OUUserPermissions.ps1 
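Review bot: The ACL is read from each configuration entry with `$acl = Get-ACL -Path($configEntry)` but written back with `Set-ACL -ACLObject $acl -Path ("AD:\" + ($domain.DistinguishedName))`, i.e. to the domain naming context on every iteration; none of the four configuration objects receives the new ACEs, and the domain head's security descriptor is replaced by a configuration-partition descriptor (the last iteration, CN=Sites, wins) with replication rights appended. Because the script already did `Set-Location AD:`, the write must target the object that was read, `Set-ACL -ACLObject $acl -Path $configEntry`, and the Write-Verbose template should say the same. The extended rights granted here (Replicating Directory Changes and Changes All) allow replication of directory data including secrets, so the group named in `$List` is Tier 0 by definition; a header comment stating that, and that membership must be monitored, would help whoever maintains this later. `$sitesDN` is a child of `$configCN`, so, unless inheritance is blocked on it, the "Descendents" rules set on the configuration head already cover it and the separate entry only adds explicit duplicates.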
@@ -0,0 +1,41 @@ +<# + .Example + $List = @( + $(New-Object PSObject -Property @{Group = "ServiceDeskOperators"; OUPrefix = "OU=User Accounts"}) + ) + .\Set-OUUserPermissions.ps1 -list $list -Verbose +#> + +[CmdletBinding()] +param( + [Parameter(Mandatory = $True)][PSOBject] $List + +) +Import-Module ActiveDirectory + +$rootdse = Get-ADRootDSE +$domain = Get-ADDomain +$guidmap = @{ } +Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties lDAPDisplayName, schemaIDGUID | ForEach-Object { $guidmap[$_.lDAPDisplayName] = [System.GUID]$_.schemaIDGUID } +$extendedrightsmap = @{ } +Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter "(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties displayName, rightsGuid | ForEach-Object { $extendedrightsmap[$_.displayName] = [System.GUID]$_.rightsGuid } + +$List | ForEach-Object { + $ouPrefix = $_.OUPrefix + $Group = $_.Group + $ouPath = "$OUPrefix,$($domain.DistinguishedName)" + $ou = Get-ADOrganizationalUnit -Identity $OUPAth + $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $Group).SID + $acl = Get-ACL -Path "AD:$($ou.DistinguishedName)" + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "CreateChild", "Allow", $guidmap["user"], "ALL")) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", "Descendents", $guidmap["user"])) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "WriteProperty", "Allow", "Descendents", $guidmap["user"])) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ExtendedRight", "Allow", $extendedrightsmap["Reset Password"], "Descendents", $guidmap["user"])) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", $guidmap["lockoutTime"], 
"Descendents", $guidmap["user"])) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "WriteProperty", "Allow", $guidmap["lockoutTime"], "Descendents", $guidmap["user"])) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", $guidmap["pwdLastSet"], "Descendents", $guidmap["user"])) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "WriteProperty", "Allow", $guidmap["pwdLastSet"], "Descendents", $guidmap["user"])) + Write-Host "Configuring User Permissions on '$ouPath' for group '$Group'" -ForegroundColor Green + Write-Verbose 'Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))' + Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName)) +} diff --git a/Tiering/Scripts/Set-OUWorkstationPermissions.ps1 b/Tiering/Scripts/Set-OUWorkstationPermissions.ps1 new file mode 100644 index 0000000..a4503d2 --- /dev/null +++ b/Tiering/Scripts/Set-OUWorkstationPermissions.ps1 
@@ -0,0 +1,35 @@ +<# + .Example + $List = @( + $(New-Object PSObject -Property @{Group = "ServiceDeskOperators"; OUPrefix = "OU=Workstations"}) + .\Set-OUWorkstationPermissions.ps1 -list $list -Verbose +#> + +[CmdletBinding()] +param( + [Parameter(Mandatory = $True)][PSOBject] $List +) +Import-Module ActiveDirectory + +$rootdse = Get-ADRootDSE +$domain = Get-ADDomain +$guidmap = @{ } +Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties lDAPDisplayName, schemaIDGUID | ForEach-Object { $guidmap[$_.lDAPDisplayName] = [System.GUID]$_.schemaIDGUID } +$List | ForEach-Object { + $ouPrefix = $_.OUPrefix + $Group = $_.Group + $ouPath = "$OUPrefix,$($domain.DistinguishedName)" + $ou = Get-ADOrganizationalUnit -Identity $OUPAth + $adGroup = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup -Identity $Group).SID + $acl = Get-ACL -Path "AD:$($ou.DistinguishedName)" + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "CreateChild", "Allow", $guidmap["Computer"], "All")) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", "Descendents", $guidmap["Computer"])) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "WriteProperty", "Allow", "Descendents", $guidmap["Computer"])) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", $guidmap["msTPM-OwnerInformation"], "Descendents", $guidmap["computer"])) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", $guidmap["msFVE-KeyPackage"], "Descendents", $guidmap["msFVE-RecoveryInformation"])) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", $guidmap["msFVE-RecoveryPassword"], "Descendents", 
$guidmap["msFVE-RecoveryInformation"])) + $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $adGroup, "ReadProperty", "Allow", $guidmap["msFVE-VolumeGuid"], "Descendents", $guidmap["msFVE-RecoveryInformation"])) + Write-Host "Configuring Workstation Permissions on '$ouPath' for group '$Group'" -ForegroundColor Green + Write-Verbose 'Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName))' + Set-ACL -ACLObject $acl -Path ("AD:\" + ($ou.DistinguishedName)) +} diff --git a/Tiering/Tiering_steps.ps1 b/Tiering/Tiering_steps.ps1 index c669514..1ef30f5 100644 --- a/Tiering/Tiering_steps.ps1 +++ b/Tiering/Tiering_steps.ps1 @@ -1,9 +1,13 @@ throw "This is not a robus script" $location = Get-Location -Set-Location C:\Tools +$dsnAME = (Get-ADDomain).DistinguishedName +$dNC = (Get-ADRootDSE).defaultNamingContext +$domain = $env:USERDNSDOMAIN +$ScriptsLocation = "C:\Tools\ADSecurity\Tiering" +Set-Location $ScriptsLocation Import-Module ActiveDirectory -$dNC = (Get-ADRootDSE).defaultNamingContext + #region Create Top Level OU's @@ -15,10 +19,10 @@ $OUs = @( $(New-Object PSObject -Property @{Name = "User accounts"; ParentOU = "" }), $(New-Object PSObject -Property @{Name = "Quarantine"; ParentOU = "" }) ) -.\Create-OU.ps1 -OUs $OUs -Verbose +.$ScriptsLocation\Scripts\Create-OU.ps1 -OUs $OUs #endRegion -#region Create Sub Admin OU's +#region Create Tiering OUs v1 $OUs = @( $(New-Object PSObject -Property @{Name = "Tier0"; ParentOU = "ou=Admin" }), $(New-Object PSObject -Property @{Name = "Tier1"; ParentOU = "ou=Admin" }), 
@@ -37,16 +41,15 @@ $OUs = @( $(New-Object PSObject -Property @{Name = "Service Accounts"; ParentOU = "ou=Tier2,ou=Admin" }), $(New-Object PSObject -Property @{Name = "Devices"; ParentOU = "ou=Tier2,ou=Admin" }) ) -.\Create-OU.ps1 -OUs $OUs -Verbose -#endRegion +.$ScriptsLocation\Scripts\Create-OU.ps1 -OUs $OUs -#region Create Sub Groups OU's $OUs = @( $(New-Object PSObject -Property @{Name = "Security Groups"; ParentOU = "ou=Groups" }), $(New-Object PSObject -Property @{Name = "Distribution Groups"; ParentOU = "ou=Groups" }), $(New-Object PSObject -Property @{Name = "Contacts"; ParentOU = "ou=Groups" }) ) -.\Create-OU.ps1 -OUs $OUs -Verbose +.$ScriptsLocation\Scripts\Create-OU.ps1 -OUs $OUs + $OUs = @( $(New-Object PSObject -Property @{Name = "Application"; ParentOU = "ou=Tier 1 Servers" }), $(New-Object PSObject -Property @{Name = "Collaboration"; ParentOU = "ou=Tier 1 Servers" }), 
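Review bot: `.$ScriptsLocation\Scripts\Create-OU.ps1 -OUs $OUs` dot-sources the child script, so everything it assigns (`$dNC`, `$name`, `$parentOU`, `$ouPath` here, and `$domain`, `$rootdse`, `$acl`, `$location` in the scripts called later) lands in this file's scope and overwrites variables of the same name, including the `$domain` set at the top. If the intent is simply to run the script, use the call operator with an explicit path, `& (Join-Path $ScriptsLocation 'Scripts\Create-OU.ps1') -OUs $OUs`, which also avoids depending on how the parser tokenises `.` immediately followed by a variable. The commit also drops `-Verbose` from every invocation, so the only record of what was created is the child scripts' Write-Host output; passing `-Verbose` through, or setting `$VerbosePreference = 'Continue'` at the top, keeps that trail. The same applies to the remaining hunks of Tiering_steps.ps1 (`@@ -37`, `@@ -54`, `@@ -79`, `@@ -94`).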
@@ -54,24 +57,28 @@ $OUs = @( $(New-Object PSObject -Property @{Name = "Messaging"; ParentOU = "ou=Tier 1 Servers" }), $(New-Object PSObject -Property @{Name = "Staging"; ParentOU = "ou=Tier 1 Servers" }) ) -.\Create-OU.ps1 -OUs $OUs -Verbose +.$ScriptsLocation\Scripts\Create-OU.ps1 -OUs $OUs + $OUs = @( $(New-Object PSObject -Property @{Name = "Desktops"; ParentOU = "ou=Workstations" }), $(New-Object PSObject -Property @{Name = "Kiosks"; ParentOU = "ou=Workstations" }), $(New-Object PSObject -Property @{Name = "Laptops"; ParentOU = "ou=Workstations" }), $(New-Object PSObject -Property @{Name = "Staging"; ParentOU = "ou=Workstations" }) ) -.\Create-OU.ps1 -OUs $OUs -Verbose -#endRegion +.$ScriptsLocation\Scripts\Create-OU.ps1 -OUs $OUs -#region Create Sub User Accounts OU's $OUs = @( $(New-Object PSObject -Property @{Name = "Enabled Users"; ParentOU = "ou=User Accounts" }), $(New-Object PSObject -Property @{Name = "Disabled Users"; ParentOU = "ou=User Accounts" }) ) -.\Create-OU.ps1 -OUs $OUs -Verbose +.$ScriptsLocation\Scripts\Create-OU.ps1 -OUs $OUs #endRegion +#create Tiering OUs v2 +$domainOUSCsv = Import-Csv -Path "$ScriptsLocation\DomainOUs.csv" +.$ScriptsLocation\Scripts\Create-OU.ps1 -OUs $domainOUSCsv +#endregion + #Region Block inheritance for PAW OUs Set-GpInheritance -Target "OU=Devices,OU=Tier0,OU=Admin,$dnc" -IsBlocked Yes | Out-Null Set-GpInheritance -Target "OU=Devices,OU=Tier1,OU=Admin,$dnc" -IsBlocked Yes | Out-Null 
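Review bot: After this hunk the region markers no longer pair up: `#region Create Tiering OUs v1` (opened in the `@@ -15` hunk) is closed by `#endRegion`, then `#create Tiering OUs v2` is a plain comment but is followed by its own `#endregion`, which now closes nothing; change it to `#region Create Tiering OUs v2`. More importantly, the v1 object lists and the v2 `DomainOUs.csv` describe largely the same OUs, so Create-OU.ps1 is run twice over the same set and the second pass only prints "already exists" for each entry; keep one of the two (the CSV is the easier one to maintain) and delete the other rather than shipping both. `Import-Csv -Path "$ScriptsLocation\DomainOUs.csv"` also inherits the hard-coded location from the top of the file, so a missing CSV is only reported by Import-Csv at that point.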
@@ -79,10 +86,10 @@ Set-GpInheritance -Target "OU=Devices,OU=Tier2,OU=Admin,$dnc" -IsBlocked Yes | O #endRegion #Region create Groups -$csv = Read-Host -Prompt "Please provide full path to Admin Groups csv file" -.\Create-Group.ps1 -CSVfile $csv -Verbose -$csv = Read-Host -Prompt "Please provide full path to Standard Groups csv file" -.\Create-Group.ps1 -CSVfile $csv -Verbose +$csv = "$ScriptsLocation\AdminGroups.csv" +.$ScriptsLocation\Scripts\Create-Group.ps1 -CSVfile $csv +$csv = "$ScriptsLocation\StandardGroups.csv" +.$ScriptsLocation\Scripts\Create-Group.ps1 -CSVfile $csv #endRegion 
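Review bot: `$csv = "$ScriptsLocation\AdminGroups.csv"` and the StandardGroups.csv line replace the Read-Host prompts with fixed paths but add no existence check, and neither CSV appears in this diff as far as the visible hunks show, so a missing file surfaces only as an Import-Csv error inside Create-Group.ps1. A one-line guard before each call, `if (-not (Test-Path $csv)) { throw "missing $csv" }`, makes the failure explicit at the step that owns the path. Since these two files define the tiering security groups, a comment stating where they are maintained and reviewed would also help.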
@@ -94,37 +101,37 @@ $List = @( $(New-Object PSObject -Property @{Group = "Tier2Admins"; OUPrefix = "OU=Accounts,ou=Tier2,ou=Admin" }), $(New-Object PSObject -Property @{Group = "Tier2Admins"; OUPrefix = "OU=Service Accounts,ou=Tier2,ou=Admin" }) ) -.\Set-OUUserPermissions.ps1 -list $list -Verbose +.$ScriptsLocation\Scripts\Set-OUUserPermissions.ps1 -list $list $List = @( $(New-Object PSObject -Property @{Group = "Tier2ServiceDeskOperators"; OUPrefix = "OU=Workstations" }), $(New-Object PSObject -Property @{Group = "Tier1Admins"; OUPrefix = "OU=Devices,ou=Tier1,ou=Admin" }), $(New-Object PSObject -Property @{Group = "Tier2Admins"; OUPrefix = "OU=Devices,ou=Tier2,ou=Admin" }) ) -.\Set-OUWorkstationPermissions.ps1 -list $list -Verbose +.$ScriptsLocation\Scripts\Set-OUWorkstationPermissions.ps1 -list $list $List = @( $(New-Object PSObject -Property @{Group = "Tier1Admins"; OUPrefix = "OU=Groups,ou=Tier1,ou=Admin"}), $(New-Object PSObject -Property @{Group = "Tier2Admins"; OUPrefix = "OU=Groups,ou=Tier2,ou=Admin"}) ) -.\Set-OUGroupPermissions.ps1 -list $list -Verbose +.$ScriptsLocation\Scripts\Set-OUGroupPermissions.ps1 -list $list $List = @( - $(New-Object PSObject -Property @{Group = "Tier2Tier2WorkstationMaintenance"; OUPrefix = "OU=Quarantine" }), + $(New-Object PSObject -Property @{Group = "Tier2WorkstationMaintenance"; OUPrefix = "OU=Quarantine" }), $(New-Object PSObject -Property @{Group = "Tier2WorkstationMaintenance"; OUPrefix = "OU=Workstations" }), $(New-Object PSObject -Property @{Group = "Tier1ServerMaintenance"; OUPrefix = "OU=Tier 1 Servers" }) ) -.\Set-OUComputerPermissions.ps1 -list $list -Verbose +.$ScriptsLocation\Scripts\Set-OUComputerPermissions.ps1 -list $list $List = @( $(New-Object PSObject -Property @{Group = "Tier0ReplicationMaintenance"; OUPrefix = "" }) ) -.\Set-OUReplicationPermissions.ps1 -list $list -Verbose +.$ScriptsLocation\Scripts\Set-OUReplicationPermissions.ps1 -list $list $List = @( $(New-Object PSObject -Property @{Group = 
"Tier1ServerMaintenance"; OUPrefix = "OU=Tier 1 Servers" }) ) -.\Set-OUGPOPermissions.ps1 -list $list -Verbose +.$ScriptsLocation\Scripts\Set-OUGPOPermissions.ps1 -list $list #endRegion diff --git a/WindowsLAPS/GPO/manifest.xml b/WindowsLAPS/GPO/manifest.xml new file mode 100644 index 0000000..857bbda --- /dev/null +++ b/WindowsLAPS/GPO/manifest.xml @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/Backup.xml b/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/Backup.xml new file mode 100644 index 0000000..f7d45c5 --- /dev/null +++ b/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/Backup.xml @@ -0,0 +1,18 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 92 2c 7b 90 9a 22 48 36 16 6a c5 ae 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 92 2c 7b 90 9a 22 48 36 16 6a c5 ae 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 92 2c 7b 90 9a 22 48 36 16 6a c5 ae 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/DomainSysvol/GPO/Machine/comment.cmtx b/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/DomainSysvol/GPO/Machine/comment.cmtx new file mode 100644 index 0000000..927f9a3 --- /dev/null +++ b/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/DomainSysvol/GPO/Machine/comment.cmtx @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file 
diff --git a/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/DomainSysvol/GPO/Machine/registry.pol b/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/DomainSysvol/GPO/Machine/registry.pol new file mode 100644 index 0000000..abb427e Binary files /dev/null and b/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/DomainSysvol/GPO/Machine/registry.pol differ diff --git a/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/bkupInfo.xml b/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/bkupInfo.xml new file mode 100644 index 0000000..4652741 --- /dev/null +++ b/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/bkupInfo.xml @@ -0,0 +1 @@ + diff --git a/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/gpreport.xml b/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/gpreport.xml new file mode 100644 index 0000000..7110156 Binary files /dev/null and b/WindowsLAPS/GPO/{22BC0CCF-E1A4-4D16-B3B9-5AA25D1735DB}/gpreport.xml differ diff --git a/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/Backup.xml b/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/Backup.xml new file mode 100644 index 0000000..2ea62f3 --- /dev/null +++ b/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/Backup.xml 
@@ -0,0 +1,18 @@ + + 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 92 2c 7b 90 9a 22 48 36 16 6a c5 ae 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 92 2c 7b 90 9a 22 48 36 16 6a c5 ae 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 92 2c 7b 90 9a 22 48 36 16 6a c5 ae 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/DomainSysvol/GPO/Machine/comment.cmtx b/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/DomainSysvol/GPO/Machine/comment.cmtx new file mode 100644 index 0000000..927f9a3 --- /dev/null +++ b/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/DomainSysvol/GPO/Machine/comment.cmtx @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/DomainSysvol/GPO/Machine/registry.pol b/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/DomainSysvol/GPO/Machine/registry.pol new file mode 100644 index 0000000..1a163b6 Binary files /dev/null and b/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/DomainSysvol/GPO/Machine/registry.pol differ diff --git a/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/bkupInfo.xml b/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/bkupInfo.xml new file mode 100644 index 0000000..a0dae09 --- /dev/null +++ b/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/bkupInfo.xml @@ -0,0 +1 @@ + 
diff --git a/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/gpreport.xml b/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/gpreport.xml new file mode 100644 index 0000000..c55f6c0 Binary files /dev/null and b/WindowsLAPS/GPO/{53E7FAC6-90D1-448F-9671-AC9638CC7495}/gpreport.xml differ diff --git a/WindowsLAPS/Reports/WindowsLAPS.htm b/WindowsLAPS/Reports/WindowsLAPS.htm new file mode 100644 index 0000000..241ec87 Binary files /dev/null and b/WindowsLAPS/Reports/WindowsLAPS.htm differ diff --git a/WindowsLAPS/Reports/WindowsLAPS_DSRM.htm b/WindowsLAPS/Reports/WindowsLAPS_DSRM.htm new file mode 100644 index 0000000..b1ae2fc Binary files /dev/null and b/WindowsLAPS/Reports/WindowsLAPS_DSRM.htm differ diff --git a/WindowsLAPS/Scripts/Import-GPO.ps1 b/WindowsLAPS/Scripts/Import-GPO.ps1 new file mode 100644 index 0000000..624e346 --- /dev/null +++ b/WindowsLAPS/Scripts/Import-GPO.ps1 
@@ -0,0 +1,36 @@
+<#
+ .Example
+ $BackupPath = Read-Host -Prompt "Please provide full path to GPO backups"
+ .\Import-GPO.ps1 -BackupPath $BackupPath -Verbose
+
+#>
+
+[CmdletBinding()]
+param(
+ [Parameter(Mandatory = $True)][string] $BackupPath,
+ [string] $GPOMigrationTable
+)
+
+$backupList = Get-ChildItem -Path $BackupPath -Exclude "manifest.xml"
+Set-Location $BackupPath
+$location = Get-Location
+foreach ($item in $backupList){
+ $backupID = $null
+ $xmlFilePath = $null
+ $gpoName = $null
+ $backupID = $item.name -replace "{","" -replace "}",""
+ $xmlFilePath = ".\$($item.name)\gpreport.xml"
+ [xml]$xmlFile = Get-Content -Path $xmlFilePath
+ $gpoName = $xmlFile.GPO.Name
+ Write-Host "Importing new GPO '$gpoName' with GUID '$backupID'" -ForegroundColor Green
+ Write-Host "Please remember to update proper groups in GPO settings" -ForegroundColor Green
+ if ($GPOMigrationTable -eq "") {
+ Write-Verbose 'Import-GPO -BackupId $backupID -TargetName $gpoName -Path $BackupPath -CreateIfNeeded'
+ Import-GPO -BackupId $backupID -TargetName $gpoName -Path $BackupPath -CreateIfNeeded
+ }
+ else {
+ Write-Verbose 'Import-GPO -BackupId $backupID -TargetName $gpoName -Path $BackupPath -MigrationTable $GPOMigrationTable -CreateIfNeeded'
+ Import-GPO -BackupId $backupID -TargetName $gpoName -Path $BackupPath -MigrationTable $GPOMigrationTable -CreateIfNeeded
+ }
+ Set-Location $location
+}
\ No newline at end of file
diff --git a/WindowsLAPS/Scripts/Link-GpoToOU.ps1 b/WindowsLAPS/Scripts/Link-GpoToOU.ps1
new file mode 100644
index 0000000..f710fa5
--- /dev/null
+++ b/WindowsLAPS/Scripts/Link-GpoToOU.ps1
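Review bot: `$location = Get-Location` is captured after `Set-Location $BackupPath`, so the `Set-Location $location` at the end of each loop iteration only re-selects the backup folder and the caller's working directory is never restored (the steps file later in this diff works around it with `cd $location`); the cwd change exists only to serve the relative `.\$($item.name)\gpreport.xml`, so drop both Set-Location lines and `$location` and build the path as `$xmlFilePath = Join-Path -Path $BackupPath -ChildPath "$($item.Name)\gpreport.xml"`. The two `Write-Verbose` messages are single-quoted, so the verbose log prints the literal text `$backupID` and `$gpoName` instead of the values; use double quotes so the log records which backup GUID went into which GPO. `Import-GPO -TargetName $gpoName -CreateIfNeeded` takes the target name from the backup's own gpreport.xml and, as far as I recall, replaces the settings of any existing GPO with that name, which the comment-based help should state so an operator knows a name collision is not a no-op. `-Exclude "manifest.xml"` still admits any other stray file in the backup folder, which then fails at the `[xml]` cast rather than being skipped; filtering with `-Directory` would make the loop's input explicit.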
@@ -0,0 +1,31 @@
+<#
+ .EXAMPLE
+ $GpoLinks = @(
+ $(New-Object PSObject -Property @{ Name = "POLICYNAME" ; OU = "OUPATH"; Order = 1; LinkEnabled = 'YES'}),
+ )
+ .\Link-GpoToOU.ps1 -GpoLinks $GpoLinks -Verbose
+#>
+
+
+[CmdletBinding()]
+param(
+ [Parameter(Mandatory = $True)][PSObject] $GpoLinks
+)
+Import-Module ActiveDirectory
+$DC = (Get-ADDomain).DistinguishedName
+
+$GpoLinks | foreach-Object {
+ $name = $_.Name
+ $OU = $_.ou
+ $order = $_.Order
+ $LinkEnabled = $_.LinkEnabled
+ if ($OU -eq "") {
+
+ $ouPath = $DC
+ }
+ else {
+ $ouPath = "$OU,$DC"
+ }
+ Write-Verbose "Linking GPO '$name' into OU '$ouPath'"
+ New-GPLink -Name $name -Target $ouPath -LinkEnabled $LinkEnabled -Order $order
+}
diff --git a/WindowsLAPS/WindowsLAPS_steps.ps1 b/WindowsLAPS/WindowsLAPS_steps.ps1
new file mode 100644
index 0000000..4b46017
--- /dev/null
+++ b/WindowsLAPS/WindowsLAPS_steps.ps1
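Review bot: The `.EXAMPLE` in the comment-based help does not parse as written: the trailing comma after the single `$(New-Object …)` element inside `@( … )` is a syntax error in PowerShell, so anyone who copies the example gets a parse failure before the script runs; remove the comma. `$DC` holds the domain's distinguished name rather than a domain controller, and `$GpoLinks` is declared `[PSObject]` although the pipeline iterates it as a collection; `$domainDN` and `[PSObject[]] $GpoLinks` describe what the code does. `New-GPLink` errors when the GPO is already linked to the target, so a second run of the steps file stops at the first already-linked OU; if the script is meant to be re-runnable, an explicit check of the existing links on `$ouPath` (for example via `Get-GPInheritance -Target $ouPath`) before the call, or a documented `-ErrorAction` choice, would make that behaviour deliberate.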
@@ -0,0 +1,63 @@
+Throw "this is not a robust file - and works on 2016 Domain Functional Level"
+
+$location = Get-Location
+$dsnAME = (Get-ADDomain).DistinguishedName
+$netbios = (Get-ADDomain).Name
+$ScriptsLocation = "C:\Tools\ADSecurity\WindowsLAPS"
+Set-Location $ScriptsLocation
+
+#Region Update Policy Definitions
+ Copy-Item C:\Windows\PolicyDefinitions -Recurse -Destination C:\Windows\Sysvol\domain\Policies\ -Force
+#endREgion
+
+
+#region WindowsLaps Schema
+ Update-LapsADSchema -Verbose
+#endregion
+
+#region GrantPermissions
+ Set-LapsADComputerSelfPermission -Identity "OU=Devices,OU=Tier0,OU=Admin,$dsname"
+ Set-LapsADComputerSelfPermission -Identity "OU=Tier0 Servers,OU=Tier0,OU=Admin,$dsname"
+ Set-LapsADComputerSelfPermission -Identity "OU=Devices,OU=Tier1,OU=Admin,$dsname"
+ Set-LapsADComputerSelfPermission -Identity "OU=Tier 1 Servers,$dsname"
+ Set-LapsADComputerSelfPermission -Identity "CN=Computers,$dsname"
+ Set-LapsADComputerSelfPermission -Identity "OU=Quarantine,$dsname"
+#endregion
+
+#region Allow users to read passwords
+
+ Set-LapsADReadPasswordPermission -Identity "OU=Devices,OU=Tier0,OU=Admin,$dsname" -AllowedPrincipals "Domain Admins"
+ Set-LapsADReadPasswordPermission -Identity "OU=Tier0 Servers,OU=Tier0,OU=Admin,$dsname" -AllowedPrincipals "Domain Admins"
+ Set-LapsADReadPasswordPermission -Identity "OU=Devices,OU=Tier1,OU=Admin,$dsname" -AllowedPrincipals "Domain Admins","$netbios\tier1admins"
+ Set-LapsADReadPasswordPermission -Identity "OU=Tier 1 Servers,$dsname" -AllowedPrincipals "Domain Admins","$netbios\tier1admins"
+ Set-LapsADReadPasswordPermission -Identity "CN=Computers,$dsname" -AllowedPrincipals "Domain Admins","$netbios\tier2admins"
+ Set-LapsADReadPasswordPermission -Identity "OU=Quarantine,$dsname" -AllowedPrincipals "Domain Admins","$netbios\tier2admins"
+#endregion
+
+#region Alow users to reset passwords
+ Set-LapsADResetPasswordPermission -Identity "OU=Devices,OU=Tier0,OU=Admin,$dsname" -AllowedPrincipals "Domain 
Admins"
+ Set-LapsADResetPasswordPermission -Identity "OU=Tier0 Servers,OU=Tier0,OU=Admin,$dsname" -AllowedPrincipals "Domain Admins"
+ Set-LapsADResetPasswordPermission -Identity "OU=Devices,OU=Tier1,OU=Admin,$dsname" -AllowedPrincipals "Domain Admins","$netbios\tier1admins"
+ Set-LapsADResetPasswordPermission -Identity "OU=Tier 1 Servers,$dsname" -AllowedPrincipals "Domain Admins","$netbios\tier1admins"
+ Set-LapsADResetPasswordPermission -Identity "CN=Computers,$dsname" -AllowedPrincipals "Domain Admins","$netbios\tier2admins"
+ Set-LapsADResetPasswordPermission -Identity "OU=Quarantine,$dsname" -AllowedPrincipals "Domain Admins","$netbios\tier2admins"
+#endregion
+
+#region GPOImport
+ $backupPath = "$ScriptsLocation\GPO"
+ .$ScriptsLocation\Scripts\Import-GPO.ps1 -BackupPath $backupPath -Verbose
+ cd $location
+#endregion
+
+#region LinkGPO
+ $GpoLinks = @(
+ $(New-Object PSObject -Property @{ Name = "WindowsLAPS_DSRM" ; OU = "OU=Domain Controllers"; Order = 1 ;LinkEnabled = 'YES'}),
+ $(New-Object PSObject -Property @{ Name = "WindowsLAPS" ; OU = "OU=Devices,OU=Tier0,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}),
+ $(New-Object PSObject -Property @{ Name = "WindowsLAPS" ; OU = "OU=Tier0 Servers,OU=Tier0,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}),
+ $(New-Object PSObject -Property @{ Name = "WindowsLAPS" ; OU = "OU=Devices,OU=Tier1,OU=Admin"; Order = 1 ;LinkEnabled = 'YES'}),
+ $(New-Object PSObject -Property @{ Name = "WindowsLAPS" ; OU = "OU=Tier 1 Servers"; Order = 1 ;LinkEnabled = 'YES'}),
+ $(New-Object PSObject -Property @{ Name = "WindowsLAPS" ; OU = "OU=Quarantine"; Order = 1 ;LinkEnabled = 'YES'})
+ )
+ .$ScriptsLocation\Scripts\Link-GpoToOU.ps1 -GpoLinks $GpoLinks
+ cd $location
+#endregion
\ No newline at end of file
diff --git a/WindowsLAPS/manifest.xml b/WindowsLAPS/manifest.xml
new file mode 100644
index 0000000..89536c6
--- /dev/null
+++ b/WindowsLAPS/manifest.xml
@@ -0,0 +1 @@
+
\ No newline at end of file
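Review bot: None of the LAPS grants or GPO links target the workstation OU: the `Set-LapsADComputerSelfPermission`, `Set-LapsADReadPasswordPermission`/`Set-LapsADResetPasswordPermission` calls and the `$GpoLinks` list cover Tier0/Tier1 devices and servers, `CN=Computers` and `OU=Quarantine`, but not `OU=Workstations`, the OU that the Create-OU hunk earlier in this diff populates with Desktops, Kiosks and Laptops, so a machine moved out of Quarantine into it would, unless a link exists elsewhere, neither receive the WindowsLAPS policy nor be able to write its password — if that is intended, a comment saying where workstation LAPS is configured would avoid the question. Granting `tier2admins` read and reset on `CN=Computers` means any machine that lands in the default container before being moved (including a server, if computer-container redirection is not in place) has its local administrator password readable from Tier 2, which cuts across the tiering the OU layout otherwise enforces; consider scoping the Tier 2 grant to `OU=Workstations` and `OU=Quarantine` only. Minor: the variable is assigned as `$dsnAME` and read everywhere as `$dsname` (the same variable, since PowerShell names are case-insensitive), and `cd $location` is the alias form of `Set-Location $location`; one spelling and the full cmdlet would read better. The leading `Throw` aborts the file when it is executed as a script, which suggests it is meant to be run region by region; a comment-based help block saying so would make that explicit.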