2

I am trying to generate the RSoP from several of our servers. All I need are the Computer results, not the User results.

This is the PowerShell code I am using:

```powershell
$computers = (Get-ADComputer -Filter ... -SearchBase ...).Name

foreach ($computer in $computers)
{
    Get-GPResultantSetOfPolicy -Computer $computer -ReportType xml -Path ...
}
```

This is going to throw an exception on some of the servers, which is basically saying I have never logged in and therefore no profile exists.

```
Get-GPResultantSetOfPolicy : The Resultant Set of Policy (RSoP) report cannot be generated for user MyUser on the MyComputer computer because there is no RSoP logging data for that user on that computer. This could be because the user has never logged onto that computer.
Parameter name: User
At line:1 char:1
+ Get-GPResultantSetOfPolicy -computer MyComputer -ReportType xml -path d:\ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (Microsoft.Group...OfPolicyCommand:GetGPResultantSetOfPolicyCommand) [Get-GPResultantSetOfPolicy], ArgumentException
    + FullyQualifiedErrorId : NoLoggingData,Microsoft.GroupPolicy.Commands.GetGPResultantSetOfPolicyCommand
```

The default behaviour of this cmdlet is to use the default user, meaning the user executing the cmdlet.

Of course there is the `-User` parameter, which lets me choose a user for which I know a login has happened on the target server (and therefore a Windows profile exists). But this gets cumbersome, as I would have to use e.g. `Get-WmiObject Win32_UserProfile -ComputerName MyComputer` first to retrieve a list of available user profiles and then choose one of them to execute `Get-GPResultantSetOfPolicy` later on...

The plain old gpresult.exe behaves in exactly the same odd way... I don't want to/can't RDP into each server to generate a Windows profile beforehand.

In my opinion there are two possibilities:

  1. Use scripting to generate a Windows profile on each server and then get back to `Get-GPResultantSetOfPolicy`
  2. RDP into each machine... (not feasible)

Questions:

  • Any other possibility I am missing?
  • How have others solved/worked around this issue?
  • How can I generate/create a Windows profile using PowerShell without RDP'ing?
Matthias Güntert
  • I noticed you wrote that you tried GPRESULT, but did you also try the `/SCOPE COMPUTER` option with GPRESULT? – Clayton Apr 25 '18 at 19:40
  • Never checked with PowerShell, but check out my answer for the cmd command gpresult, it could be the same "feature": https://serverfault.com/a/883515/274412 – curropar Apr 26 '18 at 19:01
  • Sorry, I didn't read the whole question until I finished writing my answer. So yes, we're on the same point: as far as I know, there's no other way except using an already existing profile. But about creating a remote profile, Enter-PSSession should work. – curropar Apr 26 '18 at 19:06

1 Answer

0

I have the same situation and found a solution using gpresult. Here are my additions to your code fragment:

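```powershell
$computers = (Get-ADComputer -Filter ... -SearchBase ...).Name

foreach ($computer in $computers)
{
    # One HTML report per computer; HH (24-hour) keeps AM and PM runs from sharing a file name
    $LogPath = "\\Fileserver\share\RSOP_" + $computer + "_" + (Get-Date).ToString('yyyy-MM-dd_HHmmss') + ".html"

    # /S selects the remote system, /H writes the report as HTML
    gpresult /S:"$computer" /H:"$LogPath"
}
```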

This takes each computer in your search and creates an RSOP log using the computer name and date run.

Hope this helps those looking for bulk RSOP reports.

Bryce
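The approach the question describes (look up an existing profile with `Win32_UserProfile`, then pass it to `-User`) can be scripted so that no manual choice is needed. This is an added example, not code from either poster; `$SearchBase`, `$OutDir`, the `-Filter *` value and the helper `Get-ProfileAccount` are hypothetical, and it assumes the targets are reachable over WinRM for `Get-CimInstance`.

```powershell
# Added example. Placeholder values below are assumptions, not taken from the question.
Import-Module ActiveDirectory, GroupPolicy

$SearchBase = 'OU=Servers,DC=example,DC=com'   # placeholder OU
$OutDir     = 'D:\RSoP'                        # placeholder output folder

function Get-ProfileAccount {
    # Hypothetical helper: DOMAIN\user names that own a non-special profile
    # on the target, most recently used first.
    param([Parameter(Mandatory)][string]$ComputerName)

    Get-CimInstance -ClassName Win32_UserProfile -ComputerName $ComputerName -Filter 'Special = FALSE' |
        Sort-Object -Property LastUseTime -Descending |
        ForEach-Object {
            try {
                $sid = [System.Security.Principal.SecurityIdentifier]::new($_.SID)
                $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                # SID cannot be resolved from here (local account on the target,
                # deleted account): skip this profile.
            }
        }
}

$computers = (Get-ADComputer -Filter * -SearchBase $SearchBase).Name

foreach ($computer in $computers) {
    $path = Join-Path $OutDir "RSOP_$computer.xml"
    $done = $false

    foreach ($account in @(Get-ProfileAccount -ComputerName $computer)) {
        try {
            Get-GPResultantSetOfPolicy -Computer $computer -User $account `
                -ReportType Xml -Path $path -ErrorAction Stop | Out-Null
            $done = $true
            break   # first account with RSoP logging data is enough
        } catch {
            # Usually NoLoggingData: the profile exists but no RSoP data was logged for it.
            Write-Verbose "$computer / $account : $($_.Exception.Message)"
        }
    }

    if (-not $done) { Write-Warning "No profile with RSoP data found on $computer" }
}
```

The report still contains a user section for whichever account was picked; the computer settings are in the `ComputerResults` element of the XML.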