Find Set GPO Settings Via Keywords

  • 14 September 2016
  • Sean Huggans
Description: 

The goal of this script is to allow you to search the GPOs in your domain that contain set settings matching keywords or search terms you specify. This is a very rough draft of the script, but works. Although it is a work in progress, I felt like it was useful enough to share - if you have any comments or suggestions for this, leave a comment below. Hopefully it can help someone who is trying to find pesky settings somewhere in their environment.

Language: 
PowerShell
Usage Type: 
Standalone
Script Source: 
##################################
# FindSetGPOSettingsViaKeyWords
# Script by Sean Huggans
# Original Date 2016.09.13
# This Script will generate two logs - 
# one will be a list of GPOs containing 
# settings matching the search terms provided, 
# the second will be a log of those with GPOs, 
# with a breakdown of the groups with 
# ApplyGpo Permission on the GPO, as well as 
# the option to include groups with GPORead 
# permission.
##################################
 
Using NameSpace system
import-module ActiveDirectory
import-module GroupPolicy
 
#TODO: Take input Params
 
[String]$Domain = "Corp.FMScug.net"
[String]$ReportsPath = "C:\Temp\GPOReports\HTMLReports"
[String]$OutputPath = "C:\Temp\GPOReports\Results"
 
New-Item -ItemType directory -Path $ReportsPath -ErrorAction Ignore > $null
New-Item -ItemType directory -Path $OutputPath -ErrorAction Ignore > $null
 
echo ""
echo "********************************"
echo "Building GPO Reports..."
echo "********************************"
echo ""
 
foreach ($GPO in $(Get-GPO -all)) {
$GPOName = $GPO.DisplayName
$Path = "$ReportsPath\$GPOName.html"
Get-GPOReport -Name $GPO.DisplayName -ReportType Html -Domain $Domain -Path $Path
}
 
echo ""
echo "***********************************************"
echo "Beginning Search on GPO Reports..."
echo "***********************************************"
echo ""
 
filter KeyWords( [String[]]$SearchTerms ) {
echo "" > "$OutputPath\SearchResults.log"
echo "" > "$OutputPath\ApplyGroups.log"
echo "" > "$OutputPath\GPOs Matching Search Terms.log"
echo "GPO search results:" 
echo "GPO search results:" >> "$OutputPath\SearchResults.log"
$GPOList = New-Object System.Collections.ArrayList
$GroupList = New-Object System.Collections.ArrayList
 foreach($SearchTerm in $SearchTerms) {
  foreach ($file in Get-ChildItem $ReportsPath | Select-String -Pattern $SearchTerm | Select-Object -Unique path) {
    $GPOName = $file.path.Replace("$ReportsPath\","").replace(".html","")
    if ($GPOList -notcontains $GPOName) {
     $GPOGUID = $(Get-GPO -name "$GPOName").Id
     $GPOLinks = Get-ADOrganizationalUnit -LDAPFilter "(gPLink=*$GPOGUID*)"
     $GPOPerms = Get-GPPermissions -All -GUId $GPOGUID
     #Add GPO item to GPOList (Avoid Duplicates)
     $GPOList.add($GPOName) > $null
     # On Screen Display and Full Log
     echo "======"
     echo "======" >> "$OutputPath\GPOs Matching Search Terms.log"
     echo "GPO Name: $GPOName"
     echo "GPO Name: $GPOName" >> "$OutputPath\GPOs Matching Search Terms.log"
     echo "------"
     echo "------" >> "$OutputPath\GPOs Matching Search Terms.log"
     echo "GPO Permissions:"
     echo "GPO Permissions:" >> "$OutputPath\GPOs Matching Search Terms.log"
     foreach ($GPOPermObject in $GPOPerms.Trustee) {
      $GPOObjectName = $GPOPermObject.Name
      $GPOObjectPerms = Get-GPPermissions -Name $GPOName -TargetName "$GPOObjectName" -TargetType Group
      $GPOObjectPermsLevel = $GPOObjectPerms.Permission
      if ($GPOObjectPermsLevel -contains ("GpoApply")) {
       if ($GroupList -notcontains ($GPOObjectName)) {
       echo "$GPOObjectName : $GPOObjectPermsLevel"
       echo "$GPOObjectName : $GPOObjectPermsLevel" >> "$OutputPath\GPOs Matching Search Terms.log"
       $GroupList.add($GPOObjectName) > $null
       }
      }
    ## Uncomment to include READ permission listing
    ##  if ($GPOObjectPermsLevel -contains ("GpoRead")) {
    ##   if ($GroupList -notcontains ($GPOObjectName)) {
    ##    echo "$GPOObjectName : $GPOObjectPermsLevel"
    ##    echo "$GPOObjectName : $GPOObjectPermsLevel" >> "$OutputPath\GPOs Matching Search Terms.log"
    ##   }
    ##  }
    }
   echo "======"
   echo "======" >> "$OutputPath\GPOs Matching Search Terms.log"
   echo ""
   echo "" >> "$OutputPath\GPOs Matching Search Terms.log"
 
   # GPO List Log
   echo $GPOName >> "$OutputPath\SearchResults.log"
   }
  }
 }
}
KeyWords 'Phrase 1','Phrase2'
 
echo ""
echo ""
echo "A list of GPOs containing settings matching the search terms has been saved to $OutputPath\SearchResults.log."
echo "The entire formatted output from this script has been saved to $OutputPath\\GPOs Matching Search Terms.log."
Note: that all applications posted here are posted for use, both commercial and non-commercial, free of charge, and as such are provided as-is, without warranty of any kind whatsoever. visuaFUSION, FMSCUG or any other program listed here's author are not responsible for any damages or shortcomings that result from usage of any of these applications.
Error | visuaFUSION Systems Solutions Blog

Error message

  • Warning: Cannot modify header information - headers already sent by (output started at /mnt/home/visuafus/public_html/bahusa.net/includes/common.inc:2861) in drupal_send_headers() (line 1551 of /mnt/home/visuafus/public_html/bahusa.net/includes/bootstrap.inc).
  • Error: Call to undefined function mail() in DefaultMailSystem->mail() (line 79 of /mnt/home/visuafus/public_html/bahusa.net/modules/system/system.mail.inc).

Error

The website encountered an unexpected error. Please try again later.