Param
(
# This section is the -StringToFind parameter
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
[String]
$StringToFind
)
Begin
{
$GPOsToCheck = get-gpo -all |Sort-Object
-property displayname # gather all GPO information and sort by displayname
Write-Host " Checking through"
$GPOsToCheck.count "GPO's"
}
Process
{
$ListOFAffectedGPOs
= @()
$count = 1
$GPOsToCheckCount =
$GPOsToCheck.count
foreach ($item in
$GPOsToCheck) # go through the list of group policies
{
$Result =
Get-GPOReport -name $item.DisplayName -ReportType XML
if ($Result -match
$StringToFind) # check if Result variable information matches the string
{
$ListOFAffectedGPOs
+= $item.DisplayName
}
else
{
}
Write-Host
"$count of $GPOsToCheckCount"
$count++
}
Write-Host
"List of GPO's that contain $StringToFind" -ForegroundColor Green
$ListOFAffectedGPOs
}
End
{
}
The syntax of the script is:
Get-GPOThatContains.ps1 -StringToFind password
The syntax of the script is:
Get-GPOThatContains.ps1 -StringToFind password
Here is the output based on my home AD domain:
PS C:\scripts> .\Get-GPOsThatContain.ps1 -StringToFind password
Checking through 9 GPO's
1 of 9
2 of 9
3 of 9
4 of 9
5 of 9
6 of 9
7 of 9
8 of 9
9 of 9
List of GPO's that contain password
Default Domain Policy
testdest
TestSource
Windows 7 Screen Lock
Checking through 9 GPO's
1 of 9
2 of 9
3 of 9
4 of 9
5 of 9
6 of 9
7 of 9
8 of 9
9 of 9
List of GPO's that contain password
Default Domain Policy
testdest
TestSource
Windows 7 Screen Lock
The script finds all GPOs, evaluates each policy for the string to find (in this case 'password'), and lists the policies that have that string.
I have found this script very useful when we need to quickly find a GPO entry or when onboarding a new client.
I hope you have found this helpful. Please let me know if you have any questions.
Mike
No comments:
Post a Comment