PowerShell: Find all group policies as per the required string

Labels:
Sometimes it happens when you are asked to check all group policies which has a particular settings. There could be many reasons for the same, like need to change the setting globally, or remove the setting. When you start working on it, you see thousands of group policies to check and make the changes.

Making change in the policy is not time consuming but to find all policy on which you need to make this change is really complicated and too time consuming.

Being a powershell lover, i created a script which will help you to get the list of all GPOs as per your passed string and its status whether it is linked or not.




#*==========================================================================================================================*#
# Serach GPOs by String
#*==========================================================================================================================*#
# Script Created By     :       Ashish Gupta
# Date                  :       6th January 2018
# Organisation          :       Freelance
# Description           :       This script will fetch all GPOs as per the string you pass in the script. Then it will check
#                               its all Links and their status
# OS Requirement        :       Windows Server 2012 R2 and Windows Server 2016
#*==========================================================================================================================*#
# Define variables
#*==========================================================================================================================*#
Import-Module -Name GroupPolicy
$search = Read-Host -Prompt "Enter the string you want to search for?"
$DomainName = $env:USERDNSDOMAIN
Write-Host "Going to search '$search' string in all GPOs......" -ForegroundColor Cyan -BackgroundColor Black
#*==========================================================================================================================*#
# Fetching all GPOS and match the string in each and every GPO.
#*==========================================================================================================================*#
Write-Host "Fetching all GPOs......" -ForegroundColor Cyan -BackgroundColor Black
$GPOs = Get-GPO -All -Domain $DomainName 
Write-Host "All GPOs have been fetched of $DomainName domain. Searching for the string '$search'......" -ForegroundColor Cyan -BackgroundColor Black

Foreach ($GPO in $GPOs){
$XMLReport = Get-GPOReport -Guid $GPO.Id -ReportType xml
$GPODisplayName = $GPO.DisplayName
    if ($XMLReport -match $search) {
    [xml]$linkto = Get-GPOReport $GPO.Id -ReportType xml
        $propertise = @{'GPOName'=$GPODisplayName;
        'LinksTo'= $LinkTo.GPO.LinksTo.SOMPath;}
            $object = New-Object -TypeName psobject -Property $propertise
            Write-Output $object
    }
}
#*==========================================================================================================================*#
# End of the Script.
#*==========================================================================================================================*#

Note : If you are confused which string to use to find all related GPOs. It would be good, if you select a GPO in which you have the string, open it in XML and see the setting on which you need to work. Select a unique string and use the same in the script.

Thank you
Posted by at Saturday, January 06, 2018

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)