GPO delegation Custom security settings

rated by 0 users
This post has 2 Replies | 2 Followers

Top 100 Contributor
Posts 33
freakling Posted: 03-07-2012 5:09 AM

Hello!

I'm not sure if this is the correct section, so please point me in the right direction if i'm wrong. Altso before i start i want to inform you that I'm still kinda new to PS scripting so the code might not be all that efficient.

I'm working on a script that takes complete backup on GPOs but i'm having trouble getting out the custom security settings. All that i can get now is <Permission>GpoCustom</Permission> when i set anything beside the preset security settings.

The script uses a config.xml file to get settings, which looks like this: http://pastebin.com/sC33recK

My Get-GPDelegation.ps1 takes the GPO name from the config and creates a xml file with all security settings. code found here:http://pastebin.com/VhTHcETD

Is there any way i can get out the exact security settings instead of GpoCustom? I can use the line "$delegation.Permission.value__" but it only returns a value that is the same for all custom settings.

I have been trying to find this out with "$gpm = New-Object -ComObject GPMgmt.GPM" but i cannot find any method.

The finished product should look like this

<backup folder>

  <gponame>

    <gpobackup> taken from another script

    <GPPermissions.xml>

  <gponame>

    <gpobackup> taken from another script

    <GPPermissions.xml>

 

 

Thanks in advance!

Freakling

Top 100 Contributor
Posts 33

Oh, and the xml looks something like this. Where "modified group" is the group that has the edited permissions

 

<Accountlist>

  <Account>

    <Trustee>Modified group</Trustee>

    <TrusteeType>Group</TrusteeType>

    <Permission>GpoCustom</Permission>

    <Inherited>False</Inherited>

  </Account>

  <Account>

    <Trustee>Domain Admins</Trustee>

    <TrusteeType>Group</TrusteeType>

    <Permission>GpoEditDeleteModifySecurity</Permission>

    <Inherited>False</Inherited>

  </Account>

  <Account>

    <Trustee>Enterprise Admins</Trustee>

    <TrusteeType>Group</TrusteeType>

    <Permission>GpoEditDeleteModifySecurity</Permission>

    <Inherited>False</Inherited>

  </Account>

  <Account>

    <Trustee>ENTERPRISE DOMAIN CONTROLLERS</Trustee>

    <TrusteeType>WellKnownGroup</TrusteeType>

    <Permission>GpoRead</Permission>

    <Inherited>False</Inherited>

  </Account>

  <Account>

    <Trustee>SYSTEM</Trustee>

    <TrusteeType>WellKnownGroup</TrusteeType>

    <Permission>GpoEditDeleteModifySecurity</Permission>

    <Inherited>False</Inherited>

  </Account>

</Accountlist>

Not Ranked
Posts 2

I have the same problem, did you ever find a solution?

Page 1 of 1 (3 items) | RSS
Copyright 2012 PowerShell.com. All rights reserved.