GPO Search

Find String in Group Policy Settings

# Get the string we want to search for
$string = Read-Host -Prompt "What string do you want to search for?"
 
# Set the domain to search for GPOs
$DomainName = $env:USERDNSDOMAIN
 
# Find all GPOs in the current domain
write-host "Finding all the GPOs in $DomainName"
Import-Module grouppolicy
$allGposInDomain = Get-GPO -All -Domain $DomainName
[string[]] $MatchedGPOList = @()

# Look through each GPO's XML for the string
Write-Host "Starting search...."
foreach ($gpo in $allGposInDomain) {
    $report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    if ($report -match $string) {
        write-host "********** Match found in: $($gpo.DisplayName) **********" -foregroundcolor "Green"
        $MatchedGPOList += "$($gpo.DisplayName)";
    } # end if
    else {
        Write-Host "No match in: $($gpo.DisplayName)"
    } # end else
} # end foreach
write-host "`r`n"
write-host "Results: **************" -foregroundcolor "Yellow"
foreach ($match in $MatchedGPOList) {
    write-host "Match found in: $($match)" -foregroundcolor "Green"
}

Beliebte Posts aus diesem Blog

Shutdown / Lastlogon Analyse

Wer hat das System heruntergefahren: Get-EventLog - LogName system - Source user32 - Newest 1 | fl * Logons der letzten 7 Tage: $filter = @ {     LogName       = 'System'     ProviderName = 'Microsoft-Windows-Winlogon'     StartTime     = ( Get-Date ). AddDays ( -7 ) } $logs = Get-WinEvent - FilterHashtable $filter $res = @ () ForEach ( $log in $logs ) {     if ( $log . Id -eq 7001 ) { $type = "Logon" }     elseif ( $log . Id -eq 7002 ) { $type = "Logoff" }     else { Continue }     # Check if Properties[1] exists before accessing     if ( $log . Properties . Count -gt 1 ) {         try {             $user = ( New-Object System.Security.Principal.SecurityIdentifier $log . Properties [ 1 ]. Value ). Translate ([ System.Security.Principal.NTAccount ])         } catch { ...
Mehr anzeigen