Using Powershell to find Group Policy Strangeness


Do you have any GPOs which are “not doing anything”? If so, why?

If you have zillions of GPOs, here’s a quick cleanup tip.

Use a Windows 7 machine and PowerShell to quickly find all GPOs which have all their settings disabled.

Here’s an example GPO with all the settings disabled.


Sure, you COULD click on every stinkin’ GPO you have in your domain.

-OR- you can use Powershell to quickly get to the bottom of things.

1. On a Windows 7 machine, open a command prompt.

2. Type “Powershell” (no quotes.)

3. Type “import-module Grouppolicy” (no quotes.)

4. Type the command you see here: get-gpo –all | sort gpostatus

The ones with “AllSettingsDisabled” will bubble up to the top.


All the Powershell propeller-heads are rolling their eyes right now, because they know there’s a cleaner way to produce the output of this… showing ONLY the ones that actually match the GpoStatus of “AllSettingsDisabled.”

Yes, yes, you purists…

Here’s how to do it:

get-gpo –all | where { $_.GPOstatus –eq “AllSettingsDisabled”}


Hope this helps you out!

Copyright © All rights reserved. is a service of PolicyPak Software