View Blog

Nov 2010
30

Using Powershell to find Group Policy Strangeness

Do you have any GPOs which are “not doing anything”? If so, why?

If you have zillions of GPOs, here’s a quick cleanup tip.

Use a Windows 7 machine and PowerShell to quickly find all GPOs which have all their settings disabled.

Here's an example GPO with all the settings disabled.

image

Sure, you COULD click on every stinkin GPO you have in your domain.

-OR- you can use Powershell to quickly get to the bottom of things.

1. On a Windows 7 machine, open a command prompt.

2. Type “Powershell” (no quotes.)

3. Type import-module Grouppolicy (no quotes.)

4. Type the command you see here: get-gpo all | sort gpostatus

The ones with AllSettingsDisabled will bubble up to the top.

image

All the Powershell propeller-heads are rolling their eyes right now, because they know there's a cleaner way to produce the output of this showing ONLY the ones that actually match the GpoStatus of AllSettingsDisabled.

Yes, yes, you purists

Here's how to do it:

get-gpo all | where { $_.GPOstatus eq AllSettingsDisabled}

image

Hope this helps you out!

Comments (0)

No Comments!