I want to collect all the GPOs in a domain , for reviewing settings. How many ways are there to do it. I used Get-GPOREPORT in Powershell, but it gave a comprehensive html file, is these a way to collect and review the group policies individually? Please let me know your suggestions and questions if any.
Asked
Active
Viewed 659 times
1 Answers
2
This should get you started.
Foreach($Policy In Get-ChildItem \\$((Get-ADDomain).DNSRoot)\sysvol\$((Get-ADDomain).DNSRoot)\Policies)
{
Get-GPO -Guid $Policy.Name | Select *
# Now you have an individual GPO. Do something useful with it.
#
# DisplayName : Terminate Idle and Disconnected RDP Sessions
# DomainName : CONTOSO.COM
# Owner : CONTOSO\Domain Admins
# Id : f8858a61-91b4-4d1f-8d64-be6fa0252680
# GpoStatus : AllSettingsEnabled
# Description :
# CreationTime : 1/20/2014 11:57:50 AM
# ModificationTime : 6/3/2014 10:02:38 AM
# UserVersion : AD Version: 0, SysVol Version: 0
# ComputerVersion : AD Version: 4, SysVol Version: 4
# WmiFilter :
# Computer : Microsoft.GroupPolicy.ComputerConfiguration
# User : Microsoft.GroupPolicy.UserConfiguration
}
Edit: Duhhh I did it the hard way instead of just using Get-GPO -All. :)
Ryan Ries
- 55,481
- 10
- 142
- 199
-
Save yourself the second `Get-ADDomain` lookup with `"\\$(($d = (Get-ADDomain).DNSRoot))\sysvol\$d\Policies"` ;-) – Mathias R. Jessen Aug 07 '14 at 12:58