Author Posts

November 18, 2017 at 11:53 pm

Hi,
I'm a Exchange Administrator, now I was given the tasks to validate a new Desktop image with Windows 10 and Office 2016, with get-gpresultantsetofpolicy, get-gporeport, I found out what GPO are configured and export to HTML and XML. I now this GPO are build based on old GPO.

Is there any other way to find all outlook settings in a GPO with out parse the XML file (From the Get-GPOReport)?
Parsing XML is very hard for me.

Thanks
António

November 19, 2017 at 8:18 am

Well, it is a file, so if you are after only specific info, then you have to parse it.

Parsing XML an be a challenge...

'blogs.technet.com/b/heyscriptingguy/archive/2012/03/26/use-powershell-to-parse-an-xml-file-and-sort-the-data.aspx'

...but as long as you know what tagged area you want, it's fairly straight forward. Well, depending on how that XML file is defined. For example the simple example one...

$doc = [xml]@'

'@
$doc.xml.Section.BEName

# Or more dynamically

[xml]$XmlContent = Get-Content variable:\doc
$XmlContent.xml.Section.BEName

I have no GPO for Outlook configs, so I cannot say what that would look like.
Yet, using a general output from a workstation..

# Using the cmdlets
$GpoReport = $env:COMPUTERNAME + '_' + 'GpoAll.xml'
Get-GPOReport -All -ReportType XML -Path "c:\Temp\$GpoReport"
[xml]$GpoContent = Get-Content -Path c:\temp\$GpoReport

# So, now that we have the content in a variable, we can start navigating the report
# Root element / node
$GpoContent

xml report
— —— version="1.0" encoding="utf-16" report

# child element / node... and so on...
$GpoContent.report

GPO

{Default Domain Policy, Default Domain Controllers Policy}

$GpoContent.report.GPO

xsd : http://www.w3.org/2001/XMLSchema
xsi : http://www.w3.org/2001/XMLSchema-instance
xmlns : http://www.microsoft.com/GroupPolicy/Settings
Identifier : Identifier
Name : Default Domain Policy
IncludeComments : true
CreatedTime : 2017-04-01T00:02:13
ModifiedTime : 2017-04-01T00:07:20
ReadTime : 2017-11-19T07:58:53.2761454Z
SecurityDescriptor : SecurityDescriptor
FilterDataAvailable : true
Computer : Computer
User : User
LinksTo : LinksTo

xsd : http://www.w3.org/2001/XMLSchema
xsi : http://www.w3.org/2001/XMLSchema-instance
xmlns : http://www.microsoft.com/GroupPolicy/Settings
Identifier : Identifier
Name : Default Domain Controllers Policy
IncludeComments : true
CreatedTime : 2017-04-01T00:02:13
ModifiedTime : 2017-10-30T03:49:12
ReadTime : 2017-11-19T07:58:56.8300864Z
SecurityDescriptor : SecurityDescriptor
FilterDataAvailable : true
Computer : Computer
User : User
LinksTo : LinksTo

$GpoContent.report.GPO | Select User
$GpoContent.report.GPO | Select User -First 1

User
—-
User

($GpoContent.report.GPO)[0]

xsd : http://www.w3.org/2001/XMLSchema
xsi : http://www.w3.org/2001/XMLSchema-instance
xmlns : http://www.microsoft.com/GroupPolicy/Settings
Identifier : Identifier
Name : Default Domain Policy
IncludeComments : true
CreatedTime : 2017-04-01T00:02:13
ModifiedTime : 2017-04-01T00:07:20
ReadTime : 2017-11-19T07:58:53.2761454Z
SecurityDescriptor : SecurityDescriptor
FilterDataAvailable : true
Computer : Computer
User : User
LinksTo : LinksTo

($GpoContent.report.GPO)[0].Computer
< # VersionDirectory VersionSysvol Enabled ExtensionData —————- ————- ——- ————- 3 3 true {Security, Public Key, Registry} ($GpoContent.report.GPO)[0].Computer.ExtensionData ——— —- Extension Security Extension Public Key Extension Registry ($GpoContent.report.GPO)[0].Computer.ExtensionData.Extension <# q1 type Account SecurityOptions — —- ——- ————— http://www.microsoft.com/GroupPolicy/... q1:SecuritySettings {ClearTextPassword, LockoutBadCount, ... {q1:SecurityOptions, q1:SecurityOptio...
q2:PublicKeySettings
q3:RegistrySettings

($GpoContent.report.GPO)[0].Computer.ExtensionData.Extension.Account | ft -AutoSize

Name SettingBoolean Type
—- ————– —-
ClearTextPassword false Password
LockoutBadCount Account Lockout
MaximumPasswordAge Password
MinimumPasswordAge Password
MinimumPasswordLength Password
PasswordComplexity true Password
PasswordHistorySize Password
MaxClockSkew Kerberos
MaxRenewAge Kerberos
MaxServiceAge Kerberos
MaxTicketAge Kerberos
TicketValidateClient true Kerberos

You can also, just search the XML doc directly for string matches.

Select-String -Path "c:\temp\$GpoReport" -Pattern Password

November 19, 2017 at 8:58 am

Well, it's a file, and if you are after specific parts of it, you are going to have to parse it.

See these articles —

'blogs.technet.com/b/heyscriptingguy/archive/2012/03/26/use-powershell-to-parse-an-xml-file-and-sort-the-data.aspx'
'petri.com/search-xml-files-powershell-using-select-xml'

XML can be a challenge, but once you have it as an object navigation is fairly straight forward. Well, as long as that XML is well structured.

$doc = [xml]@'
'Some XML doc pasted here'
'@
$doc.xml.Section.BEName

# Or more dynamically

[xml]$cn = Get-Content variable:\doc
$cn.xml.Section.BEName

# Using the cmdlets
$GpoReport = $env:COMPUTERNAME + '_' + 'GpoAll.xml'
Get-GPOReport -All -ReportType XML -Path "c:\Temp\$GpoReport"
[xml]$GpoContent = Get-Content -Path c:\temp\$GpoReport

# Navigating the report
$GpoContent

$GpoContent.report

$GpoContent.report.GPO

$GpoContent.report.GPO | Select User
$GpoContent.report.GPO | Select User -First 1

($GpoContent.report.GPO)[0]

($GpoContent.report.GPO)[0].Computer

($GpoContent.report.GPO)[0].Computer.ExtensionData

($GpoContent.report.GPO)[0].Computer.ExtensionData.Extension

($GpoContent.report.GPO)[0].Computer.ExtensionData.Extension.Account | ft -AutoSize

Select-String -Path "c:\temp\$GpoReport" -Pattern Password

November 19, 2017 at 4:15 pm

There is an excel spreadsheet with all the gpo's, not just the ones set: https://www.microsoft.com/en-us/download/details.aspx?id=25250

get-gpresultantsetofpolicy won't do the trick, or gpresult? There's also a powershell module to read the local .pol files: http://brandonpadgett.com/powershell/Local-gpo-powershell/

November 20, 2017 at 9:16 pm

I want to use powershell to monitor changes automatically, thanks you

November 20, 2017 at 9:36 pm

Thank you.
This is what I got so far:

[xml]$GpoReport = Get-Content "C:\GPO\newwin10.xml"
[XML]$GpoReport = Get-GPOReport -Name Win10Test-V2 -ReportType xml

$RegistryNamespace = @{ RegistrySettings="http://www.microsoft.com/GroupPolicy/Settings/Registry" }
$RegistrySettings = Select-Xml -Xml $GpoReport -Namespace $RegistryNamespace -XPath "//RegistrySettings:RegistrySetting"
$OutlookSettings = $RegistrySettings | Select -ExpandProperty Node | Where KeyPath -like "*Outlook*"

$All = foreach ( $R in $OutlookSettings ) {
    $Values = $R | Select -ExpandProperty Value | Select Name, Number, ExpString, String
    $Values | Add-Member -Name KeyPath    -MemberType NoteProperty -Value $R.KeyPath
    $Values | Add-Member -Name AdmSetting -MemberType NoteProperty -Value $R.AdmSetting
    $Values | Add-Member -Name Prefix -MemberType NoteProperty -Value $R.Prefix
    $Values
    Remove-Variable Values
}
$All | Out-GridView

Still have to transformer into a function but I believe most of the work already done. New I have to get the Group Policy Preferences setting, using the Get-GPPrefRegistryValue cmdlts