Get-GPO
Get-GPOReport
Get-GPInheritance
Get-GPPermission
Gets one GPO or all the GPOs in a domain.
Example 1: Get a single GPO from a domain
Get-GPO -Name "Default Domain Policy"
DisplayName : Default Domain Policy
DomainName : rs.local
Owner : RS\Domain Admins
Id : 31b2f340-016d-11d2-945f-00c04fb984f9
GpoStatus : AllSettingsEnabled
Description :
CreationTime : 12-10-2024 08:29:23
ModificationTime : 12-10-2024 08:36:18
UserVersion : AD Version: 0, SysVol Version: 0
ComputerVersion : AD Version: 3, SysVol Version: 3
WmiFilter :
Example 2: Get a single GPO by GUID
Get-GPO -Guid 31b2f340-016d-11d2-945f-00c04fb984f9
DisplayName : Default Domain Policy
DomainName : rs.local
Owner : RS\Domain Admins
Id : 31b2f340-016d-11d2-945f-00c04fb984f9
GpoStatus : AllSettingsEnabled
Description :
CreationTime : 12-10-2024 08:29:23
ModificationTime : 12-10-2024 08:36:19
UserVersion : AD Version: 0, SysVol Version: 0
ComputerVersion : AD Version: 3, SysVol Version: 3
WmiFilter :
Example 3: Get all GPOs from a domain and Count
(Get-GPO -All -Domain "rs.local").Count
Get-GPO -All -Domain "rs.local" | Select-Object DisplayName,Owner,Id,GpoStatus,Description,CreationTime,ModificationTime,WmiFilter | Sort-Object -Property DisplayName | Out-GridView
$FileName1 = "gpo_all"; $FileName2 = Get-Date -Format yyyy-MM-dd_HH-mm-ss; $FileName = $FileName1+"_"+$FileName2+".csv"
Get-GPO -All -Domain "rs.local" | Select-Object DisplayName,Owner,Id,GpoStatus,Description,CreationTime,ModificationTime,WmiFilter | Sort-Object -Property DisplayName | Export-Csv .\$FileName -NoTypeInfo
rmation
Generates a report either in XML or HTML format for a specified GPO or for all GPOs in a domain.
Example 1: Generate an HTML report for the specified GPO
Get-GPOReport -Name "TestGPO1" -ReportType HTML -Path "C:\GPOReports\TestGPO1_Report.html"
Gets the permission level for one or more security principals on a specified GPO.
Example 1: Get the permission level for all security principals on the specified GPO
Get-GPPermission -Name "Default Domain Policy" -All | Format-Table -AutoSize
Trustee TrusteeType Permission Inherited
------- ----------- ---------- ---------
Domain Admins Group GpoCustom False
Enterprise Admins Group GpoCustom False
SYSTEM WellKnownGroup GpoEditDeleteModifySecurity False
Authenticated Users WellKnownGroup GpoApply False
ENTERPRISE DOMAIN CONTROLLERS WellKnownGroup GpoRead False
Get-GPPermission -Name "Default Domain Controllers Policy" -All | Format-Table -AutoSize
Trustee TrusteeType Permission Inherited
------- ----------- ---------- ---------
Domain Admins Group GpoCustom False
Enterprise Admins Group GpoCustom False
SYSTEM WellKnownGroup GpoEditDeleteModifySecurity False
Authenticated Users WellKnownGroup GpoApply False
ENTERPRISE DOMAIN CONTROLLERS WellKnownGroup GpoRead False
Example 2: Test GPO created manually.
Get-GPPermission -Name "Test GPO" -All | Format-Table -AutoSize
Trustee TrusteeType Permission Inherited
------- ----------- ---------- ---------
Authenticated Users WellKnownGroup GpoApply False
Domain Admins Group GpoEditDeleteModifySecurity False
Enterprise Admins Group GpoEditDeleteModifySecurity False
ENTERPRISE DOMAIN CONTROLLERS WellKnownGroup GpoRead False
SYSTEM WellKnownGroup GpoEditDeleteModifySecurity False