Get-GPO.ps1

Jan
24
2013

# Get-GPO.ps1
# Written By Brandon Shell aka(BSonPosh)
# Gets GPO or GPOs according to Parameters
# Parameters
#  -GPOName: Name of the GPO
#  -CSE: Policy Extension you want to search for
#  -Group: Group to Search for
#  -Permission: Permissions for the Group. Defaults to ‘apply’
# Switches
#  -CSEList: List Client Side Extensions
#  -NoLink: Gets all GPOs with no Links
#  -List: List All GPO’s
#  -Verbose: Enables Verbose Logging
# Script parameters. Values and switches can be combined; each one enables
# its own section further down the script.
Param(
    # Display name of a single GPO to fetch
    $GPOName,
    # Display name of the client-side (policy) extension to search for
    $CSE,
    # Group to search GPO permissions for
    $Group,
    # Permission looked up for -Group: apply, edit, read or fulledit
    $Permission = 'apply',
    # List the available client-side extensions
    [switch]$CSEList,
    # Output every GPO that has no links
    [switch]$NoLink,
    # List all GPOs by display name
    [switch]$List,
    # Turn on Write-Verbose output
    [switch]$Verbose
)

# Blank line on the host before any other output
Write-Host
function Check-GPOLink{
    # Reports whether a GPO is unlinked.
    # Parameter: $GPOObject - the GPO handed to the SOM-links search criterion.
    # Output:    $true when the SOM search returns no entries, otherwise $false.
    # Relies on $gpm, $gpmConstants and $GPMDomain already existing in a parent scope.
    Param($GPOObject)

    $criteria = $gpm.CreateSearchCriteria()
    $criteria.Add(
        $gpmConstants.SearchPropertySOMLinks,
        $gpmConstants.SearchOPContains,
        $GPOObject)

    $linkedSoms = $GPMDomain.SearchSOMs($criteria)
    if($linkedSoms.Count -eq 0)
    {
        return $true
    }
    return $false
}
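function Find-GPOGroup{
    # Searches the domain for GPOs on which a group holds a given permission.
    # Parameters:
    #   $grp  - group (trustee) passed to $gpm.CreatePermission
    #   $perm - one of apply, edit, read, fulledit (case-insensitive)
    # Output:
    #   Whatever $GPMDomain.SearchGPOs returns for the permission criterion;
    #   $false (after Write-Error) when $perm is not one of the four names.
    # Relies on $gpm, $gpmConstants and $GPMDomain already existing in a parent scope.
    Param($grp,$perm)

    # Start from a known state: without this, an $iPerm left behind in a parent
    # scope would be picked up by the validity check below.
    $iPerm = $null

    # Convert $perm to a constant value.
    # Exact (case-insensitive) match on purpose: with "switch -regex" the
    # pattern 'edit' also matched 'fulledit', so a fulledit audit silently
    # ran as an edit search, and any text merely containing one of the names
    # (e.g. "thread") was accepted.
    switch ($perm)
    {
        'apply'     {$iPerm = $gpmConstants.permGPOApply;continue}
        'edit'      {$iPerm = $gpmConstants.permGPOEdit;continue}
        'read'      {$iPerm = $gpmConstants.permGPORead;continue}
        'fulledit'  {$iPerm = $gpmConstants.permGPOEditSecurityAndDelete;continue}
    }
    if($null -eq $iPerm)
    {
        Write-Error "Invalid Permission Specified [$perm]`nPlease Use apply,edit,read, or fulledit"
        return $false
    }

    $searchScope = $gpmConstants.SearchPropertyGPOPermissions
    $GPPermission = $gpm.CreatePermission($grp,$iPerm,$false)
    $GPMsc = $gpm.CreateSearchCriteria()
    $GPMsc.Add($searchScope,$gpmConstants.SearchOPContains,$GPPermission)

    # Emit the matching GPO objects themselves (not just their display names).
    $GPMDomain.SearchGPOs($GPMsc)
}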
function Find-PolicyExt{
    # Emits the GPOs that use a given client-side extension: first those found
    # through the user-extension search, then those found through the
    # computer-extension search.
    # Parameter: $ext - display name of the extension.
    # When no extension has that display name, the valid names are printed to
    # the host and "break" is executed.
    # Relies on $gpm, $gpmConstants and $GPMDomain already existing in a parent scope.
    Param($ext)

    # Translate the display name into the extension ID used by the searches
    Write-Verbose "Converting $ext to ID"
    $id = $gpm.GetClientSideExtensions() |
        Where-Object { $_.DisplayName -eq $ext } |
        ForEach-Object { $_.ID }
    Write-Verbose "ID $id Found"

    if(-not $id)
    {
        Write-Host "   – <$ext> Not a Valid Extension. Please Use One of the Following:"
        foreach($known in $gpm.GetClientSideExtensions())
        {
            Write-Host "     * $($known.DisplayName)"
        }
        Write-Host
        # NOTE(review): this break is not inside a loop or switch of this
        # function, so it unwinds into the caller; called from the script body
        # it ends the script. Confirm that is the intent before reusing this
        # function elsewhere.
        Break
    }

    # Same search twice: user-side policies first, computer-side second
    $scopes = @(
        $gpmConstants.SearchPropertyGPOUserExtensions,
        $gpmConstants.SearchPropertyGPOComputerExtensions)
    foreach($scope in $scopes)
    {
        $criteria = $gpm.CreateSearchCriteria()
        $criteria.Add($scope,$gpmConstants.SearchOPContains,$id)
        $GPMDomain.SearchGPOs($criteria)
    }
}

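# -Verbose: let the Write-Verbose messages below and in the helper functions show.
if($Verbose){$VerbosePreference = "continue"}

# Load the GPMC environment script (presumably the source of $gpm,
# $gpmConstants and $gpmDomain used throughout - confirm against that file).
# It is resolved from this script's own directory, not from $pwd: this script
# is normally run with GPO administration rights, and dot-sourcing whichever
# Set-GPEnvironment.ps1 happens to sit in the current working directory would
# run that file with those rights. Keep both scripts in a directory that only
# administrators can write to.
$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
$envScript = Join-Path $scriptDir 'Set-GPEnvironment.ps1'
if(-not (Test-Path -LiteralPath $envScript -PathType Leaf))
{
    # Without the environment every GPMC call below would fail; stop here.
    Write-Error "Set-GPEnvironment.ps1 not found next to this script [$envScript]"
    return
}
. $envScript

# Check Client Side Extensions
if($CSE -or $CSEList)
{
    Write-Host "<=== List of GPOs by Policy Extension ===>" -fore GREEN
    if($CSEList)
    {
        $gpm.GetClientSideExtensions() | ForEach-Object{Write-Host "     * $($_.DisplayName)"}
    }
    else
    {
        Find-PolicyExt $CSE
    }
}

# Getting GPO by Name if specified... else Get all of them to process
if($GPOName)
{
    Write-Verbose "Getting GPO $GPOName"
    # An empty search criteria returns every GPO; filter on the display name.
    $gpo = $gpmDomain.SearchGPOs($gpm.CreateSearchCriteria()) | Where-Object{$_.DisplayName -eq $GPOName}
    $gpo
}
else
{
    Write-Verbose "Getting ALL GPOs"
    $gpos = $gpmDomain.SearchGPOs($gpm.CreateSearchCriteria())
    if($NoLink)
    {
        Write-Host "<=== GPOs with NO links ===>" -fore GREEN
        foreach($gpo in $gpos)
        {
            if(Check-GPOLink $gpo){$gpo}
        }
    }
}

# Listing the GPOs
if($List)
{
    Write-Host "<=== List of GPOs ===>" -fore GREEN
    # $gpos is only filled when -GPOName was not given; piping $null into
    # ForEach-Object would still run the block once and print an empty entry.
    if($null -ne $gpos)
    {
        $gpos | ForEach-Object{Write-Host "   – $($_.DisplayName)"}
    }
    Write-Host
}

# GPOs on which -Group holds -Permission (defaults to apply)
if($Group)
{
    Find-GPOGroup $Group $Permission
}

Write-Host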