Get-GPO.ps1

# Get-GPO.ps1
# Writen By Brandon Shell aka(BSonPosh)
# Gets GPO or GPOs according to Parameters
# Parameters
#  -GPOName: Name of the GPO
#  -CSE: Policy Extension you want to search for
#  -Group: Group to Search for
#  -Permission: Permissions for the Group. Defaults to 'apply'
# Switches
#  -CSEList: List Client Side Extensions
#  -NoLink: Gets all GPOs with no Links
#  -List: List All GPO's
#  -Verbose: Enables Verbose Logging
Param(
    $GPOName,
    $CSE,
    $Group,
    $Permission = 'apply',
    [switch]$CSEList,
    [switch]$NoLink,
    [switch]$List,
    [switch]$Verbose)
Write-Host
function Check-GPOLink{
    Param($GPOObject)
    $GPMsc = $gpm.CreateSearchCriteria()
    $GPMsc.Add($gpmConstants.SearchPropertySOMLinks,$gpmConstants.SearchOPContains,$GPOObject)
    $SOMList = $GPMDomain.SearchSOMs($GPMsc)
    if($SOMList.Count -eq 0){$true}else{$false}
}
function Find-GPOGroup{
    Param($grp,$perm)
    # Convert $Perm to a Constant Value
    switch -regex ($perm)
    {
        'apply'     {$iPerm = $gpmConstants.permGPOApply;continue}
        'edit'      {$iPerm = $gpmConstants.permGPOEdit;continue}
        'read'      {$iPerm = $gpmConstants.permGPORead;continue}
        'fulledit'  {$iPerm = $gpmConstants.permGPOEditSecurityAndDelete;continue}
    }
    if(!$iPerm)
    {
        Write-Error "Invalid Permission Specified [$perm]`nPlease Use apply,edit,read, or fulledit"
        return $false
    }
    $searchScope = $gpmConstants.SearchPropertyGPOPermissions
    $GPPermission = $gpm.CreatePermission($grp,$iperm,$false)
    $GPMsc = $gpm.CreateSearchCriteria()
    $GPMsc.Add($searchScope,$gpmConstants.SearchOPContains,$GPPermission)
    $GPOList = $GPMDomain.SearchGPOs($GPMsc)
    $GPOList #| foreach{$_.DisplayName}
}
function Find-PolicyExt{
    Param($ext)
    # Getting ID from Display Name
    Write-Verbose "Converting $ext to ID"
    $id = $gpm.GetClientSideExtensions() | Where-Object{$_.DisplayName -eq $ext} | %{$_.ID}
    Write-Verbose "ID $id Found"
    if(!$id)
    {
        Write-Host "   - <$ext> Not a Valid Extension. Please Use One of the Following:"
        $gpm.GetClientSideExtensions() | %{Write-Host "     * $($_.DisplayName)"}
        Write-Host
        Break
    }
    # an array to collect all the GPOs
    $return = @()
    # Getting all the User Policies with Specified Ext
    $GPMsc = $gpm.CreateSearchCriteria()
    $GPMsc.Add($gpmConstants.SearchPropertyGPOUserExtensions,$gpmConstants.SearchOPContains,$id)
    $GPOList = $GPMDomain.SearchGPOs($GPMsc)
    $GPOList #| foreach{$return += $_.DisplayName}
    # Getting all the Computer Policies with Specified Ext  
    $GPMsc = $gpm.CreateSearchCriteria()
    $GPMsc.Add($gpmConstants.SearchPropertyGPOComputerExtensions,$gpmConstants.SearchOPContains,$id)
    $GPOList = $GPMDomain.SearchGPOs($GPMsc)
    $GPOList #| foreach{$return += $_.DisplayName}
    $return
}

if($verbose){$verbosepreference = "continue"}

. "$pwd\Set-GPEnvironment.ps1"

# Check Client Side Extensions
if($CSE -or $CSEList)
{
    Write-Host "<=== List of GPOs by Policy Extension ===>" -fore GREEN
    if($CSEList){$gpm.GetClientSideExtensions() | %{Write-Host "     * $($_.DisplayName)"}}
    else{Find-PolicyExt $CSE}
}

# Getting GPO by Name if specified... else Get all of them to process
if($GPOName)
{
    Write-Verbose "Getting GPO $GPOName"
    $gpo = $gpmDomain.SearchGPOs($gpm.CreateSearchCriteria()) | Where-Object{$_.DisplayName -eq $GPOName}
    $gpo
}
else
{
    Write-Verbose "Getting ALL GPOs"
    $gpos = $gpmDomain.SearchGPOs($gpm.CreateSearchCriteria())
    if($NoLink)
    {
        Write-Host "<=== GPOs with NO links ===>" -fore GREEN
        foreach($gpo in $gpos)
        {
            if(Check-GPOLink $gpo){$gpo}
        }
    }
}

# Listing the GPOs
if($list)
{
    Write-Host "<=== List of GPOs ===>" -fore GREEN
    $gpos | Foreach-Object{Write-Host "   - $($_.DisplayName)"}
    Write-Host
}

if($Group)
{
    Find-GPOGroup $Group $Permission
}

Write-Host

Attachments:
 Get-GPO.txt- Get-GPO.ps1 script referenced in Chapter 11. Please change file extension from .txt to .ps1.
 

Be a hero! Report a problem with this web page here

Event Calendar

Find out where and when Jeremy will be speaking next.

November 2008
SMTWTFS
1
2345678
9101112131415
16171819202122
23242526272829
30
Prev Month Current Month Next Month
Mon, Nov 10 - Thu, Nov 13
Windows Connections -- Vegas
It's WinConnections time! All sorts of great speeches this time. GP Troubleshooting, My Pre-Con, App-V 101. Will you be there?
www.winconnections.com
Mon, Nov 17 - Tue, Nov 18
Two-Day Intensive Group Policy Essentials Workshop (taught by Jeremy Moskowitz (Lead Instructor) - GPanswers.com / Moskowitz, Inc. )
 Final class of 2008.
This is a Two-Day Intensive Group Policy Essentials Workshop in Atlanta, GA !
Wed, Nov 19 - Thu, Nov 20
Two-Day "Group Policy 2.0" Catch-Up Workshop (taught by Jeremy Moskowitz (Lead Instructor) - GPanswers.com / Moskowitz, Inc. )
 Final class of 2008.
This is a Two-Day "Group Policy 2.0" Catch-Up Workshop in Atlanta, GA !
Fri, Nov 21 - Fri, Nov 21
One-Day Advanced Group Policy Workshop (XP/Vista Focused) (taught by Jeremy Moskowitz (Lead Instructor) - GPanswers.com / Moskowitz, Inc. )
 Final class of 2008.
This is a One-Day Advanced Group Policy Workshop (XP/Vista Focused) in Atlanta, GA !