0

Looking to get all GPOs exported to a specific folder

When trying to get the GPOs from a DC with powershell like this: 

 Get-GPOReport -All -ReportType HTML -server 192.168.1.88 -Path c:\gpor-reports\GPOAll.html

I keep getting:

Get-GPOReport : Current security context is not associated with an Active Directory domain or forest. At line:1 char:1 + Get-GPOReport -All -ReportType HTML -server 192.168.1.90 -Path c:\gpo ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-GPOReport], ActiveDirectoryOperationException + FullyQualifiedErrorId : System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException,Microsoft.Gro upPolicy.Commands.GetGpoReportCommand

This is a non-domain joined PC, am I able to get this report or use something else to get the html report I'm looking for? All GPOs on the domain exported to an HTML file.

Dustin Krauss
  • 43
  • 1
  • 1
  • 3

1 Answers1

0

Non domain joined PC, hmm. Is it a DC? I can't see how you're going to be able to access this if its not on the domain unless that cmdlet has a -Credential parameter but it doesn't look like it does.

mallockey
  • 56
  • 4
  • Exactly where I'm having trouble. I'm trying to think of any way around it where I can get access to the GPO. This powershell script would be to help with security audits and could be run from the DC but likely will be run from a computer just brought into the environment and the auditor given admin credentials and the FQDN or IP of the DC – Dustin Krauss May 19 '20 at 23:20
  • @DustinKrauss If you have admin credentials you can enable WinRM on the machine then use Invoke-Command to run Get-GPO report on the machine. That's the route I'd take. – mallockey May 20 '20 at 03:07