find gpo's without security filtering

Welcome Forums General PowerShell Q&A find gpo's without security filtering

This topic contains 3 replies, has 2 voices, and was last updated by

Jon
 
Participant
1 year, 9 months ago.

  • Author
    Posts
  • #77224
    Jon

    Participant
    Topics: 13
    Replies: 219
    Points: 90
    Rank: Member

    I'm doing some gpo clean up and have identified gpo's that are disabled and/or not linked but I also want to go through and find ones that don't have any security filtering

    What I have so far is:
    get-gpo -all | Get-GPPermission -all | where permission -notmatch "gpoapply"

    But what I don't know how to do is search based on NOT having gpoapply and also return the name of the GPO. I'm not locked down to this method of searching if someone has a better way.

    Thoughts? Thanks!

  • #77229
    Jon

    Participant
    Topics: 13
    Replies: 219
    Points: 90
    Rank: Member

    Well I did this

    Get-GPO -All | 
        %{
           If ( $_ | Get-Gppermissions -all | where permission -NotMatch "gpoapply" )
            {
            Write-Host $_.DisplayName
            }
        }
    

    and was able to get the display names, but that identified the flaw in my logic. Every gpo will have entries that don't match gpoapply!

    Back to the drawing board...

  • #77245

    Participant
    Topics: 1
    Replies: 36
    Points: 30
    Rank: Member

    I've had the fun of working with GPOs recently as well and thought I would check to see if I could take a stab at it. Try the below

    Get-GPO -All | ForEach-Object{
    	if ((Get-GPPermission -Guid $_.id -All).permission -notcontains "GpoApply")
    	{
    		Write-Output $_
    	}
    }
    

    I'm returning the whole object there – You can of course modify this down to suite your needs (example: write-output $_.displayname) but I have learned after being bit multiple times that when I filter output too early I almost always end up needing more of the object later on.

  • #77299
    Jon

    Participant
    Topics: 13
    Replies: 219
    Points: 90
    Rank: Member

    That worked, thank you!

The topic ‘find gpo's without security filtering’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort