1. A list of all GPOs that run a script, what the scripts name is, and what it’s function is, if you can figure it out. If the script is mapping drives, printers, or pulling files from a location we need to verify that those devices/locations/files still exist.
2. A list of all GPOs that are not linked to anything, and if possible what their function is.
How can i get the Reports of GPO's which are running Scripts ?
Please Help me
You could just have a quick look in the Policies folder on a DC and determine which GPO's have scripts by looking at the file structure. For example by running a Get-ChildItem command like this:
Get-ChildItem -Path '\\<yourdc>\SYSVOL\<yourdomain>.com\Policies' -Force -Recurse | Where-Object {!($_.PSIsContainer) -and ($_.FullName -match 'scripts')} | Select-Object -Property FullName
That should give you an idea, you just have to query the GUIDs to get the names of the actual GPOs.
You might find this article http://blogs.technet.com/b/heyscriptingguy/archive/2013/02/07/use-powershell-to-generate-and-parse-a-group-policy-object-report.aspx inspirational. There are also some other GPO-related posts there.
vbr,
Sounds like you inherited someone else's problem. Here is some code that will show you which GPOs are linked to what.
Get-GPO -all |
ForEach {Get-GPOReport -Name $_.DisplayName -ReportType XML -Path e:\GPO.xml
$Data = [xml](GetContent -path e:\GPO.xml)
Write-Host $_.DisplayName + ---> " $Data.gpo.linksto.sompath}
It is not pretty, but it will show you the links.
Jason
Here is a function that will retrieve all the scripts in all the GPOs in you domain. As for what the scripts do, you will have to read the scripts and figure that on out on your own. To write a script to figure out what a script would do would be a monumental task.
Function Get-GPOScripts
{
$GPOS = Get-GPO -all
ForEach ($GPO in $GPOs)
$Obj = New-Object -TypeName PSOBject
$Obj | Add-Member -MemberType NoteProperty -Name "GPO" -Value $GPO.Displayname
[xml]$xml = Get-GPOReport -Name $GPO.DisplayName -ReportType xml
$User = $xml.documentelement.user.extensiondata.extension.script.command
$computer = $xml.documentelement.Computer.extensiondata.extension.script.command
$Incriment = 1
$UserScript = @()
ForEach ($U in $User)
$US = New-Object -TypeName PSObject
$Script = ($U.Split("\"))[-1]
$US | Add-Member -MemberType NoteProperty -Name "Script" -Value $Script
$UserScript += $US
}
$ComputerScript = @()
ForEach ($C in $Computer)
$CS = New-Object -TypeName PSObject
$Script = ($C.Split("\"))[-1]
$CS | Add-Member -MemberType NoteProperty -Name "Script" -Value $Script
$ComputerScript += $CS
$Obj | Add-Member -MemberType NoteProperty -Name "UserScript" -Value $UserScript
$Obj | Add-Member -MemberType NoteProperty -Name "ComputerScript" -Value $ComputerScript
Write-Output $Obj
Getting this error for every policy
Default Domain Policy {@{Script=}}You cannot call a method on a null-valued expression.At line:16 char:20+ $Script = ($U.Split <<<< ("\"))[-1] + CategoryInfo : InvalidOperation: (Split:String) [], RuntimeException + FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.At line:24 char:20+ $Script = ($C.Split <<<< ("\"))[-1] + CategoryInfo : InvalidOperation: (Split:String) [], RuntimeException + FullyQualifiedErrorId : InvokeMethodOnNull
Thanks alot..it works
Good, what was causing the bug?