Find specific setting in GPO

This topic contains 5 replies, has 3 voices, and was last updated by  Antonio Mourao 3 weeks, 2 days ago.

  • #84542

    Antonio Mourao
    Participant

    Hi,
    I'm an Exchange administrator, and I was given the task of validating a new desktop image with Windows 10 and Office 2016. With Get-GPResultantSetOfPolicy and Get-GPOReport, I found out which GPOs are configured and exported them to HTML and XML. I know these GPOs are built based on old GPOs.

    Is there any other way to find all Outlook settings in a GPO without parsing the XML file (from Get-GPOReport)?
    Parsing XML is very hard for me.

    Thanks
    António

  • #84548

    postanote
    Participant

    Well, it is a file, so if you are after only specific info, then you have to parse it.

    Parsing XML can be a challenge...

    'blogs.technet.com/b/heyscriptingguy/archive/2012/03/26/use-powershell-to-parse-an-xml-file-and-sort-the-data.aspx'

    ...but as long as you know what tagged area you want, it's fairly straightforward. Well, depending on how that XML file is defined. For example, the simple example one...

    $doc = [xml]@'

    '@
    $doc.xml.Section.BEName

    # Or more dynamically

    [xml]$XmlContent = Get-Content variable:\doc
    $XmlContent.xml.Section.BEName

    I have no GPO for Outlook configs, so I cannot say what that would look like.
    Yet, using a general output from a workstation..

    # Using the cmdlets
    $GpoReport = $env:COMPUTERNAME + '_' + 'GpoAll.xml'
    Get-GPOReport -All -ReportType XML -Path "c:\Temp\$GpoReport"
    [xml]$GpoContent = Get-Content -Path c:\temp\$GpoReport

    # So, now that we have the content in a variable, we can start navigating the report
    # Root element / node
    $GpoContent

    xml                             report
    ---                             ------
    version="1.0" encoding="utf-16" report

    # child element / node... and so on...
    $GpoContent.report

    GPO
    ---
    {Default Domain Policy, Default Domain Controllers Policy}

    $GpoContent.report.GPO

    xsd : http://www.w3.org/2001/XMLSchema
    xsi : http://www.w3.org/2001/XMLSchema-instance
    xmlns : http://www.microsoft.com/GroupPolicy/Settings
    Identifier : Identifier
    Name : Default Domain Policy
    IncludeComments : true
    CreatedTime : 2017-04-01T00:02:13
    ModifiedTime : 2017-04-01T00:07:20
    ReadTime : 2017-11-19T07:58:53.2761454Z
    SecurityDescriptor : SecurityDescriptor
    FilterDataAvailable : true
    Computer : Computer
    User : User
    LinksTo : LinksTo

    xsd : http://www.w3.org/2001/XMLSchema
    xsi : http://www.w3.org/2001/XMLSchema-instance
    xmlns : http://www.microsoft.com/GroupPolicy/Settings
    Identifier : Identifier
    Name : Default Domain Controllers Policy
    IncludeComments : true
    CreatedTime : 2017-04-01T00:02:13
    ModifiedTime : 2017-10-30T03:49:12
    ReadTime : 2017-11-19T07:58:56.8300864Z
    SecurityDescriptor : SecurityDescriptor
    FilterDataAvailable : true
    Computer : Computer
    User : User
    LinksTo : LinksTo

    $GpoContent.report.GPO | Select User
    $GpoContent.report.GPO | Select User -First 1

    User
    ----
    User

    ($GpoContent.report.GPO)[0]

    xsd : http://www.w3.org/2001/XMLSchema
    xsi : http://www.w3.org/2001/XMLSchema-instance
    xmlns : http://www.microsoft.com/GroupPolicy/Settings
    Identifier : Identifier
    Name : Default Domain Policy
    IncludeComments : true
    CreatedTime : 2017-04-01T00:02:13
    ModifiedTime : 2017-04-01T00:07:20
    ReadTime : 2017-11-19T07:58:53.2761454Z
    SecurityDescriptor : SecurityDescriptor
    FilterDataAvailable : true
    Computer : Computer
    User : User
    LinksTo : LinksTo

    ($GpoContent.report.GPO)[0].Computer

    VersionDirectory VersionSysvol Enabled ExtensionData
    ---------------- ------------- ------- -------------
    3                3             true    {Security, Public Key, Registry}

    ($GpoContent.report.GPO)[0].Computer.ExtensionData

    --------- ----
    Extension Security
    Extension Public Key
    Extension Registry

    ($GpoContent.report.GPO)[0].Computer.ExtensionData.Extension

    q1                                       type                 Account                                  SecurityOptions
    --                                       ----                 -------                                  ---------------
    http://www.microsoft.com/GroupPolicy/... q1:SecuritySettings  {ClearTextPassword, LockoutBadCount, ... {q1:SecurityOptions, q1:SecurityOptio...
                                             q2:PublicKeySettings
                                             q3:RegistrySettings

    ($GpoContent.report.GPO)[0].Computer.ExtensionData.Extension.Account | ft -AutoSize

    Name                  SettingBoolean Type
    ----                  -------------- ----
    ClearTextPassword     false          Password
    LockoutBadCount                      Account Lockout
    MaximumPasswordAge                   Password
    MinimumPasswordAge                   Password
    MinimumPasswordLength                Password
    PasswordComplexity    true           Password
    PasswordHistorySize                  Password
    MaxClockSkew                         Kerberos
    MaxRenewAge                          Kerberos
    MaxServiceAge                        Kerberos
    MaxTicketAge                         Kerberos
    TicketValidateClient  true           Kerberos

    You can also just search the XML doc directly for string matches.

    Select-String -Path "c:\temp\$GpoReport" -Pattern Password


  • postanote
    Participant

    Well, it's a file, and if you are after specific parts of it, you are going to have to parse it.

    See these articles —

    'blogs.technet.com/b/heyscriptingguy/archive/2012/03/26/use-powershell-to-parse-an-xml-file-and-sort-the-data.aspx'
    'petri.com/search-xml-files-powershell-using-select-xml'

    XML can be a challenge, but once you have it as an object, navigation is fairly straightforward. Well, as long as that XML is well structured.

    $doc = [xml]@'
    'Some XML doc pasted here'
    '@
    $doc.xml.Section.BEName

    # Or more dynamically

    [xml]$cn = Get-Content variable:\doc
    $cn.xml.Section.BEName

    # Using the cmdlets
    $GpoReport = $env:COMPUTERNAME + '_' + 'GpoAll.xml'
    Get-GPOReport -All -ReportType XML -Path "c:\Temp\$GpoReport"
    [xml]$GpoContent = Get-Content -Path c:\temp\$GpoReport

    # Navigating the report
    $GpoContent

    $GpoContent.report

    $GpoContent.report.GPO

    $GpoContent.report.GPO | Select User
    $GpoContent.report.GPO | Select User -First 1

    ($GpoContent.report.GPO)[0]

    ($GpoContent.report.GPO)[0].Computer

    ($GpoContent.report.GPO)[0].Computer.ExtensionData

    ($GpoContent.report.GPO)[0].Computer.ExtensionData.Extension

    ($GpoContent.report.GPO)[0].Computer.ExtensionData.Extension.Account | ft -AutoSize

    Select-String -Path "c:\temp\$GpoReport" -Pattern Password

    • #84659

      Antonio Mourao
      Participant

      Thank you.
      This is what I got so far:

      # Load a saved report from disk ...
      [xml]$GpoReport = Get-Content "C:\GPO\newwin10.xml"
      # ... or pull the report straight from the GPO (this overwrites the variable set above)
      [XML]$GpoReport = Get-GPOReport -Name Win10Test-V2 -ReportType xml
      
      # The registry-based (administrative template) settings live in their own XML namespace
      $RegistryNamespace = @{ RegistrySettings="http://www.microsoft.com/GroupPolicy/Settings/Registry" }
      $RegistrySettings = Select-Xml -Xml $GpoReport -Namespace $RegistryNamespace -XPath "//RegistrySettings:RegistrySetting"
      # Keep only the settings whose registry key path mentions Outlook
      $OutlookSettings = $RegistrySettings | Select -ExpandProperty Node | Where KeyPath -like "*Outlook*"
      
      # Flatten each setting: one object per value, tagged with the key path it belongs to
      $All = foreach ( $R in $OutlookSettings ) {
          $Values = $R | Select -ExpandProperty Value | Select Name, Number, ExpString, String
          $Values | Add-Member -Name KeyPath    -MemberType NoteProperty -Value $R.KeyPath
          $Values | Add-Member -Name AdmSetting -MemberType NoteProperty -Value $R.AdmSetting
          $Values | Add-Member -Name Prefix -MemberType NoteProperty -Value $R.Prefix
          $Values
          Remove-Variable Values
      }
      # Show the result in a sortable, filterable grid
      $All | Out-GridView
      

      I still have to turn it into a function, but I believe most of the work is already done. Now I have to get the Group Policy Preferences settings, using the Get-GPPrefRegistryValue cmdlets.

  • #84551

    js
    Participant

    There is an excel spreadsheet with all the gpo's, not just the ones set: https://www.microsoft.com/en-us/download/details.aspx?id=25250

    get-gpresultantsetofpolicy won't do the trick, or gpresult? There's also a powershell module to read the local .pol files: http://brandonpadgett.com/powershell/Local-gpo-powershell/

    • #84656

      Antonio Mourao
      Participant

      I want to use PowerShell to monitor changes automatically, thank you.
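
Added example (not code from any poster in this thread): one way to do the change monitoring asked about above, by flattening the registry-based settings of two GPO reports and listing what was added, removed or changed. The function names, the sample XML and the `ExampleValue` / `OtherValue` entries are constructed; the namespace URI and the element names are the ones used in the query posted earlier in the thread.

```powershell
# Added example: function names and sample data are constructed for illustration.
# Namespace URI and element names (RegistrySetting, KeyPath, Value, Name) come from the thread.
$Ns = @{ r = 'http://www.microsoft.com/GroupPolicy/Settings/Registry' }

function Get-GpoRegistrySetting {
    param([Parameter(Mandatory)][xml]$Report, [string]$KeyPathLike = '*Outlook*')
    foreach ($hit in Select-Xml -Xml $Report -Namespace $Ns -XPath '//r:RegistrySetting') {
        $node = $hit.Node
        $key  = $node.SelectSingleNode("*[local-name()='KeyPath']").InnerText
        if ($key -notlike $KeyPathLike) { continue }
        # A setting may have no <Value> child; keep it with empty name and data.
        $val  = $node.SelectSingleNode("*[local-name()='Value']")
        $name = if ($val) { $val.SelectSingleNode("*[local-name()='Name']").InnerText } else { '' }
        $data = if ($val) {
            ($val.SelectNodes("*[local-name()!='Name']") | ForEach-Object InnerText) -join ','
        } else { '' }
        [pscustomobject]@{ KeyPath = $key; Name = $name; Data = $data }
    }
}

function Compare-GpoRegistrySetting {
    param([xml]$Baseline, [xml]$Current, [string]$KeyPathLike = '*Outlook*')
    $old = @{}; $new = @{}
    foreach ($s in Get-GpoRegistrySetting -Report $Baseline -KeyPathLike $KeyPathLike) { $old["$($s.KeyPath)\$($s.Name)"] = $s.Data }
    foreach ($s in Get-GpoRegistrySetting -Report $Current  -KeyPathLike $KeyPathLike) { $new["$($s.KeyPath)\$($s.Name)"] = $s.Data }
    foreach ($k in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        if ($old.ContainsKey($k) -and $new.ContainsKey($k) -and $old[$k] -eq $new[$k]) { continue }
        $state = if (-not $old.ContainsKey($k)) { 'Added' } elseif (-not $new.ContainsKey($k)) { 'Removed' } else { 'Changed' }
        [pscustomobject]@{ State = $state; Setting = $k; Old = $old[$k]; New = $new[$k] }
    }
}

function New-SampleReport([int]$Number) {   # constructed report fragment, not real GPO data
    [xml]@"
<GPO xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Registry">
  <q1:RegistrySetting>
    <q1:KeyPath>Software\Policies\Microsoft\Office\16.0\Outlook\Security</q1:KeyPath>
    <q1:Value><q1:Name>ExampleValue</q1:Name><q1:Number>$Number</q1:Number></q1:Value>
  </q1:RegistrySetting>
  <q1:RegistrySetting>
    <q1:KeyPath>Software\Policies\Microsoft\Office\16.0\Word\Options</q1:KeyPath>
    <q1:Value><q1:Name>OtherValue</q1:Name><q1:Number>1</q1:Number></q1:Value>
  </q1:RegistrySetting>
</GPO>
"@
}

# Constructed run: only the Outlook value differs between the two sample reports.
Compare-GpoRegistrySetting -Baseline (New-SampleReport 1) -Current (New-SampleReport 0)
```

Against real data, `-Baseline` would be a report saved earlier and loaded with `[xml](Get-Content ...)`, and `-Current` a fresh `[xml](Get-GPOReport -Name ... -ReportType Xml)`.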
