MY Boss was asked to get these reports ASAP, Please help me

rated by 0 users
This post has 7 Replies | 3 Followers

Not Ranked
Posts 3
vbr.mohan Posted: 02-11-2013 6:49 AM

1.       A list of all GPOs that run a script, what the scripts name is, and what it’s function is, if you can figure it out.  If the script is mapping drives, printers, or pulling files from a location we need to verify that those devices/locations/files still exist.

2.       A list of all GPOs that are not linked to anything, and if possible what their function is.

How can i get the Reports of GPO's which are running Scripts ?

Please Help me

Top 10 Contributor
Posts 1,289
Top Contributor

You could just have a quick look in the Policies folder on a DC and determine which GPO's have scripts by looking at the file structure. For example by running a Get-ChildItem command like this:

Get-ChildItem -Path '\\<yourdc>\SYSVOL\<yourdomain>.com\Policies' -Force -Recurse | Where-Object {!($_.PSIsContainer) -and ($_.FullName -match 'scripts')} | Select-Object -Property FullName

That should give you an idea, you just have to query the GUIDs to get the names of the actual GPOs.

Top 25 Contributor
Posts 516
Microsoft MVP
Top Contributor

You might find this article http://blogs.technet.com/b/heyscriptingguy/archive/2013/02/07/use-powershell-to-generate-and-parse-a-group-policy-object-report.aspx inspirational. There are also some other GPO-related posts there.

Top 25 Contributor
Posts 168

vbr,

 

Sounds like you inherited someone else's problem.  Here is some code that will show you which GPOs are linked to what.

Get-GPO -all |

ForEach {Get-GPOReport -Name $_.DisplayName -ReportType XML -Path e:\GPO.xml

  $Data = [xml](GetContent -path e:\GPO.xml)

  Write-Host $_.DisplayName + ---> " $Data.gpo.linksto.sompath}

 

 

It is not pretty, but it will show you the links.

Jason

Top 25 Contributor
Posts 168

Here is a function that will retrieve all the scripts in all the GPOs in you domain.  As for what the scripts do, you will have to read the scripts and figure that on out on your own.  To write a script to figure out what a script would do would be a monumental task. 

Function Get-GPOScripts

{

$GPOS = Get-GPO -all

ForEach ($GPO in $GPOs)

{

$Obj = New-Object -TypeName PSOBject

$Obj | Add-Member -MemberType NoteProperty -Name "GPO" -Value $GPO.Displayname

[xml]$xml = Get-GPOReport -Name $GPO.DisplayName -ReportType xml

$User = $xml.documentelement.user.extensiondata.extension.script.command

$computer = $xml.documentelement.Computer.extensiondata.extension.script.command

$Incriment = 1

$UserScript = @()

ForEach ($U in $User)

{

$US = New-Object -TypeName PSObject

$Script = ($U.Split("\"))[-1]

$US | Add-Member -MemberType NoteProperty -Name "Script" -Value $Script

$UserScript += $US

}

$ComputerScript = @()

ForEach ($C in $Computer)

{

$CS = New-Object -TypeName PSObject

$Script = ($C.Split("\"))[-1]

$CS | Add-Member -MemberType NoteProperty -Name "Script" -Value $Script

$ComputerScript += $CS

}

$Obj | Add-Member -MemberType NoteProperty -Name "UserScript" -Value $UserScript

$Obj | Add-Member -MemberType NoteProperty -Name "ComputerScript" -Value $ComputerScript

Write-Output $Obj

}

}  

Not Ranked
Posts 3

Getting this error for every policy

Default Domain Policy                                                               {@{Script=}}
You cannot call a method on a null-valued expression.
At line:16 char:20
+ $Script = ($U.Split <<<< ("\"))[-1]
    + CategoryInfo          : InvalidOperation: (Split:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At line:24 char:20
+ $Script = ($C.Split <<<< ("\"))[-1]
    + CategoryInfo          : InvalidOperation: (Split:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Not Ranked
Posts 3

Thanks alot..it works

Top 25 Contributor
Posts 168

Good, what was causing the bug?

Page 1 of 1 (8 items) | RSS
Copyright 2012 PowerShell.com. All rights reserved.