List_GPO_Permissions.wsf (In the book)

Jan
25
2013

 

<package>
<job>
<comment>
Script : List_GPMC_Information.wsf
From the book "Group Policy" by Jeremy Moskowitz

The contents of this script are provided "as is".  
No warranty of any kind, either express or implied, is made in relation 
to the availability, accuracy, reliability or content of this script.
ALWAYS test scripts before using in your production network!
</comment>
<script language="VBScript" src="GPMgmt.vbs"/>
<script>
CheckCScript
CreateGPMObjects
If WSH.Arguments.Named.Exists("GPO") Then
    GPOName = WSH.Arguments.Named("GPO")
Else
    GPOName = InputBox("Enter the name of the GPO to view permissions of.","Enter GPO Name")
End If
'Search for an select a GPO called "General Desktop Settings" 
Set gpmSearchCriteria = gpm.CreateSearchCriteria()
gpmSearchCriteria.Add gpmConstants.SearchPropertyGPODisplayName, gpmConstants.SearchOPcontains, GPOName
Set gpmGPO_List = gpmDomain.SearchGPOs(gpmSearchCriteria)
On Error Resume Next
set gpmGPO = gpmDomain.GetGPO(gpmGPO_List.item(1).ID)
If Err.Number <> 0 Then
    WScript.Echo "Sorry, that GPO name could not be found.  Please try again."
    WScript.Quit
End If
WScript.Echo "Here's information about the selected GPO:"
WScript.Echo String(30,"=")
WScript.Echo "GPO Friendly Name: " & gpmGPO.DisplayName
WScript.Echo "Domain: " & gpmGPO.DomainName
WScript.Echo "GPO GUID: " & gpmGPO.ID
WScript.Echo "Modification Timestamp: " & gpmGPO.ModificationTime
WScript.Echo vbNL

Set gpmSecurityInfo = gpmGPO.GetSecurityInfo()
WScript.Echo "The GPO has " & gpmSecurityInfo.Count & " security entries on the ACL."

For i=1 To gpmSecurityInfo.Count
WScript.Echo vbCrLf & String(40,"=")
Set gpmPermission = gpmSecurityInfo.item(i)

With gpmPermission.trustee
    WScript.Echo "Trustee Name: " & .trusteeName
    WScript.Echo "Trustee Type: " & ConvertTrusteeType(.trusteeType)
    WScript.Echo "Trustee Domain: " & .trusteeDomain
    WScript.Echo "Trustee DS Path: " & .trusteeDSPath
    WScript.Echo "Trustee SID: " & .trusteeSid
End With

With gpmPermission
    WScript.Echo "ACE Mask: " & ConvertAccessSetting(.permission)
    WScript.Echo "Denied? " & .denied
    WScript.Echo "Inheritable? " & .inheritable
    WScript.Echo "Inherited? " & .inherited
End With
 
Next

WScript.Echo vbCrLf & "Completed processing the security entries for " & gpmGPO.DisplayName & "."


		</script>
	</job>
	<job id="Untitled">
	</job>
</package>