Powershell – Group Policy Cmdlets
Windows Server 2008 R2 and Windows Remote Server Administration Tools (RSAT) come with some nice CMDlets for the processing of group guidelines:
- Create, delete and save Group Policy Objects
- Import GPO’s
- Generate reports
- Set authorizations on GPO’s
- Link GPO’s to OU’s
In the following example the links and authorizations of the “Default Domain Policy” are distributed.
First the Group Policy modules (provided together with Windows Server 2008) have to be loaded:
|
1 |
<span style="color: #339966;"><strong>import-module</strong></span> <span style="color: #ff00ff;">grouppolicy</span> |
Loading of the Default Domain Policy:
|
1 |
<span style="color: #ff00ff;">$GPO</span>=<span style="color: #339966;"><strong>get-gpo</strong></span> <span style="color: #ff00ff;">"default domain policy"<em></em></span> |
Showing of the display name of the GPO’s:
|
1 |
<span style="color: #ff00ff;">$GPO</span>.<span style="color: #ff9900;">DisplayName</span> |
Generation of a XML-report:
|
1 |
[<span style="color: #339966;">xml</span>]<span style="color: #ff00ff;">$report</span>=<span style="color: #339966;"><strong>Get-GPOReport</strong></span> <span style="color: #ff00ff;">$GPO</span>.<span style="color: #ff9900;">DisplayName</span> <em>-<span style="color: #339966;">ReportType</span></em> <span style="color: #ff00ff;">Xml</span> |
Analysis of the XML-report, display of the links:
|
1 |
<span style="color: #ff00ff;">$report</span>.<span style="color: #ff9900;">DocumentElement</span>.LinksTo.SOMPath |
Display of the authorizations of the GPO-object:
|
1 |
<span style="color: #ff00ff;">$GPOPerm</span>= <span style="color: #339966;"><strong>Get-GPPermissions</strong></span> <span style="color: #ff00ff;">$GPO</span>.<span style="color: #ff9900;">DisplayName</span> <span style="color: #339966;"><em>-All</em></span> |
|
1 2 3 4 |
<span style="color: #3366ff;">foreach</span>(<span style="color: #ff00ff;">$GPOtrustee</span> <span style="color: #3366ff;">in</span> <span style="color: #ff00ff;">$GPOPerm</span>) { <span style="color: #ff00ff;">$GPOtrustee</span>.<span style="color: #ff9900;">Trustee</span>.<span style="color: #ff9900;">Name</span> <span style="color: #ff0000;">+</span><span style="color: #ff00ff;">";"</span><span style="color: #ff0000;">+</span> <span style="color: #ff00ff;">$GPOtrustee</span>.<span style="color: #ff9900;">Permission</span> } |
Display of the script by example of the Default Domain Policy:
GPO Name:
Default Domain Policy
GPO Links:
de01.univice.biz
GPO Permissions:
Domänen-Admins; GpoEditDeleteModifySecurity
Organisations-Admins; GpoEditDeleteModifySecurity
SYSTEM; GpoEditDeleteModifySecurity
Authentifizierte Benutzer; GpoApply
DOMÄNENCONTROLLER DER ORGANISATION; GpoRead
Leave a Reply
<p>Your email is safe with us.<br/>Information about our <a href="https://activedirectoryfaq.com/contact-us/">data protection policies</a></p>