One-Liner: Use PowerShell to Get GPOs Containing User Settings

Last week we used Get-ADObject to find GPOs based on their flags attribute. We targeted GPOs that were configured with user settings enabled and computer settings disabled. This week we’ll find GPOs containing user settings. I’ll show you two ways, the second of which is preferred…   Way, the first – Get-GPOReport  Get-GPO -All | ForEach-Object {…

3

Use PowerShell to Get GPO Status Flag

Here’s an interesting little exercise in using Get-ADObject to see which parts of a Group Policy are enabled or disabled. By parts, I mean the User or Computer settings.     Over to Get-ADObject… #Constants New-Variable -Name UE_CE -Value 0 -Option Constant #User Enabled / Computer Enabled New-Variable -Name UD_CE -Value 1 -Option Constant #User Disabled /…

0

Use PowerShell to Decipher GPO Version Information

A Group Policy is made up of a GPC (Group Policy Container) and a GPT (Group Policy Template). The GPC resides in Active Directory. The GPT lives on the file system of a Domain Controller in SYSVOL. We have to ensure that these two components are synchronised: AD replication looks after the GPC; DFSR looks…

1

MS16-072 – Known Issue – Use PowerShell to Check GPOs

UPDATE – 30/06/2016 Official detect and fix script released. See here: Powershell script to adjust permissions for Authenticated Users on Group Policy   Further information: Deploying Group Policy Security Update MS16-072 \ KB3163622     Hello, There is a known issue with the application of particular GPOs once MS16-072 is applied. Click the following link and…

39

One-Liner: Specific GPO and DC Information from a Forest

Man, I love PowerShell one-liners. The efficiency, the elegance, the challenge! Here's one to give me a list of the domain names in a forest, the number of group policies per domain and the number of domain controllers per domain.   (Get-ADForest).Domains | ForEach-Object {"Domain Name`: $_"; "Number of GPOs`: $((Get-GPO -All -Domain $_ ).count)";…

1