Create_GPO_Permissions.wsf (In the book)



Script : Create_GPO_Permission.wsf
From the book "Group Policy" by Jeremy Moskowitz

The contents of this script are provided "as is".  
No warranty of any kind, either express or implied, is made in relation 
to the availability, accuracy, reliability or content of this script.
ALWAYS test scripts before using in your production network!
<script language="VBScript" src="GPMgmt.vbs"/>
If WSH.Arguments.Named.Exists("GPO") Then
    GPOName = WSH.Arguments.Named("GPO")
    GPOName = InputBox("Enter the name of the GPO to view permissions of.","Enter GPO Name")
End If
If WSH.Arguments.Named.Exists("Group") Then
    GroupName = WSH.Arguments.Named("Group")
    GroupName = InputBox("Enter the group to add","Enter Group")
End If
'Search for an select a GPO called "General Desktop Settings" 
Set gpmSearchCriteria = gpm.CreateSearchCriteria()
gpmSearchCriteria.Add gpmConstants.SearchPropertyGPODisplayName, gpmConstants.SearchOPcontains, GPOName
Set gpmGPO_List = gpmDomain.SearchGPOs(gpmSearchCriteria)
On Error Resume Next
set gpmGPO = gpmDomain.GetGPO(gpmGPO_List.item(1).ID)
If Err.Number <> 0 Then
    WScript.Echo "Sorry, that GPO name could not be found.  Please try again."
End If
WScript.Echo "Here's information about the selected GPO:"
WScript.Echo String(30,"=")
WScript.Echo "GPO Friendly Name: " & gpmGPO.DisplayName
WScript.Echo "Domain: " & gpmGPO.DomainName
WScript.Echo "GPO GUID: " & gpmGPO.ID
WScript.Echo "Modification Timestamp: " & gpmGPO.ModificationTime
WScript.Echo vbNL

Set gpmSecurityInfo = gpmGPO.GetSecurityInfo()
WScript.Echo "The GPO has " & gpmSecurityInfo.Count & " security entries on the ACL."

Set gpmNewPermission = gpm.CreatePermission(GroupName,gpmConstants.PermGPOApply, True)
With gpmPermission.trustee
    WScript.Echo "Trustee Name: " & .trusteeName
    WScript.Echo "Trustee Type: " & ConvertTrusteeType(.trusteeType)
    WScript.Echo "Trustee Domain: " & .trusteeDomain
    WScript.Echo "Trustee DS Path: " & .trusteeDSPath
    WScript.Echo "Trustee SID: " & .trusteeSid
End With

WScript.Echo vbCrLf & "Completed processing the security entries for " & gpmGPO.DisplayName & "."

	<job id="Untitled">