Sometimes I find myself being asked questions of what settings are applied through GPOs, lucky for me I know (more or less) the X types of name standards that the company applies to GPOs
Earlier I always started GPMC through a citrix Xenapp application which first prompts for your administrative account (small powershell script I wrote ) and then I go into the Group Policy Object Container or clicking through the different OUs to find the ones I want. Which takes a few minutes all in all.
But that’s for the first one, what if I want the settings from another one, the it takes a few minutes more.
Then I found a few Cmdlets that comes with the ActiveDirectory modules.
The important ones are
So, how to use them…. Say that you want to find all GPOs that contains the word 2008 in the name…
Get-GPO -all|where DisplayName -like *2008*
Hmm… That didn’t get me the interesting things… The settings… Let’s try this instead
Get-GPO -all|where DisplayName -like *2008*|Get-GPOReport -ReportType HTML|out-file .\2008_gpo.html
Very nice… And quick
Well, next thing.. I want a list over the GPOs that have been modified during the last day, how about this then
Get-GPO -all|where ModificationTime -gt (Get-Date).AddDays(-1)
And if you want the settings for them, just pipe it to Get-GPOReport as we did in the earlier example.
AS usual, if you have any questions or suggestions of improvment, just leave a comment