WSV 415 Group Policy Reporting and Analysis with
- Slides: 33
WSV 415 Group Policy Reporting and Analysis with Windows Power. Shell Jeremy Moskowitz Chief Propeller-Head GPAnswers. com / Policy. Pak Software Jeffery Hicks Prof. Power. Shell JDH Information Technology Solutions
You are the Group Policy Go-To "Guy" You know a little Power. Shell You want to blend the two. Solve problems proactively Jeremy, Group Policy MVP: Mr. Problem Explainer Jeff, Power. Shell MVP: Mr. Solutions guy
Power. Shell and Group Policy Requirements (Myths and Facts) Group Policy Reporting Group Policy Analysis (ie: Find “oops-ed” GPOs) Find Extra Registry Settings Find GPO with ADM Files Find Unlinked GPOs
Want the demos & samples? Sign up: tinyurl. com/teps 1 Problems with the signup? Just email us (URL will show up again later, but write it down now)
Myth Busted: Any Active Directory is A-OK Requirements: Windows 7 or later on management machine (preferred) RSAT for Windows 7 Power. Shell v 2. 0 or later Optional: Microsoft Active Directory Provider recommended
Import-module Group. Policy Get a GPO Power. Shell Object Build a report based on the object Build HTML/XML GPO Reports Parse and search the XML for analysis Select-XML and Xpath searches are helpful
Boss wants there to be a “paper record” of what’s currently in Group Policy
The GPO Power. Shell Object PS C: > Import-Module Group. Policy PS C: > Get-GPO Jeremy. GPO Display. Name Domain. Name Owner Id Gpo. Status Description Creation. Time Modification. Time User. Version Computer. Version Wmi. Filter : : : Jeremy. GPO GLOBOMANTICS. local GLOBOMANTICSDomain Admins cd 73 c 562 -5 bfe-40 e 2 -b 81 e-28 da 10 da 425 c Computer. Settings. Disabled 12/28/2011 2: 52: 37 PM 5/21/2012 11: 08: 26 AM AD Version: 4, Sys. Vol Version: 4 AD Version: 1, Sys. Vol Version: 1
Get-GPOReport (HTML and XML) GPOs Modified and Created Automated HTML GPO Reports GPOs by Container
GPO Report Sample get-gpo -all | Where {$_. Modification. Time -gt (Get. Date). Add. Days(-30)}. . . | Sort Modification. Time -Descending | Where {$_. Modification. Time -ge (Get-Date). Add. Days(-30)} | Select Displayname, Modification. Time, Description. . . | Export-CSV R: GPOMod. Report. csv
GPO Reports with Power. Shell
Boss says “There are too many GPOs, some don’t appear to be used”
Identify Group Policy Objects with no settings Look for XML Extension. Data
Empty GPOs <> Extension. Data PS C: > Import-Module Group. Policy PS C: > [xml]$r = Get-GPOReport -Name My. GPO -Report. Type XML PS C: > if ((-Not $r. gpo. user. extensiondata) -AND (not $r. gpo. computer. extensiondata)) { "GPO is empty" }
Find Empty GPOs
(Three problems solved for the price of one line of code) Boss says “When was the last time anyone touched [Group Policy Object X]? ” “Are there any GPOs with ‘half’ the policy disabled? ” “Are there any GPOs with ‘all’ the policy disabled? ”
Filter GPOs by GPOStatus PS C: > get-gpo -all | Sort GPOStatus | format-table Group. By GPOStatus Displayname, *Time PS C: > get-gpo -all | where {$_. GPOStatus -match "disabled"} | Select GPOStatus, Displayname PS C: > get-gpo -all | where {$_. GPOStatus -match "All. Settings. Disabled"}
Filter GPOs by Node Status
Why have GPOs which “have stuff” but aren’t being utilized anywhere?
Find Unlinked GPOs Import-Module Active. Directory Get-ADOrganizational. Unit -filter * | select-object -Expand. Property Distinguished. Name | get-adobject -prop gplink | where {$_. gplink} | Select-object -expand gplink | foreach-object { foreach ($item in ($_. Split("]["))) { $links+=$regex. match($item). Value } } Get-GPO -All | Where {$links -notcontains $_. id}
Find Unlinked GPOs
Find Extra Registry Settings #Use Xpath with the XML report data PS C: > [xml]$report = Get-GPOReport -Name My. GPO -Report. Type XML PS C: > $ns = @{q 3 = "http: //www. microsoft. com/Group. Policy/Settings/Regi stry"} PS C: > $nodes = Select-Xml $report -Namespace $ns -XPath "//q 3: Registry. Setting" | select -expand Node | Where {$_. Adm. Setting -eq 'false'}
Find Extra Registry Settings
Get-Question | Out-Answer
Jeff Hicks http: //jdhitsolutions. com/blog @Jeff. Hicks Jeremy Moskowitz http: //gpanswers. com http: //www. policypak. com @jeremymoskowitz Get Examples Get Help Get Smarter FREE PS+Group Policy chaper: tinyurl. com/teps 1
#TE(sessioncode) Talk to our Experts at the TLC DOWNLOAD Windows Server 2012 Release Candidate Hands-On Labs microsoft. com/windowsserver DOWNLOAD Windows Azure Windowsazure. com/ teched
Learning Connect. Share. Discuss. Microsoft Certification & Training Resources http: //northamerica. msteched. com www. microsoft. com/learning Tech. Net Resources for IT Professionals Resources for Developers http: //microsoft. com/technet http: //microsoft. com/msdn
Complete an evaluation on Comm. Net and enter to win!
Scan the Tag to evaluate this session now on my. Tech. Ed Mobile
- 415 group
- R/wsv
- Wsv file
- Krb_ap_err_modified
- Wsv file
- Naca 2413
- Ncgs 14-415
- Entity 415
- Entity 415
- (877)415-1745
- Ppc mechanical seals
- Significant figure of 415/2
- Diatami
- Cpsc 415
- Adoption and foster care analysis and reporting system
- Reporting aggregated data using the group functions
- Reporting aggregated data using the group functions
- Reporting aggregated data using the group functions
- Direct vs indirect cash flow
- Group mediclaim policy presentation
- Group policy processing order
- Group policy processing order
- Advanced group policy management
- Group mediclaim policy presentation
- Group policy
- Pacific health policy group
- Anova within group and between group
- Classification of social group
- Amino group and carboxyl group
- Amino group and carboxyl group
- Jrcptb
- Joining together group theory and group skills
- Policy process analysis
- Landscape section of a health policy analysis