I have been tasked with finding all of our GPOs applied to servers without user configurations and have them set to disable the user side, since we have some Citrix policies that apply loopback we cannot assume that it is all of them. I started with trying to use the UserVersion but quickly found out that some of our policies have had user settings at one point and now they don't so the version is higher than zero. So, I came up with using the Get-GPOReport in XML and testing that. This is the meat of the function I came up with but it is REALLY slow. I've searched and cannot find anything better. Any suggestiongs?
$GPOs = Get-GPO -All | Where DisplayName -Like "Server -*"
ForEach ($GPO in $GPOs)
[xml]$XML = Get-GPOReport -Name $GPO.DisplayName -ReportType Xml
If (-not $XML.GPO.User.ExtensionData)
$GPO | Select DisplayName, ID, GpoStatus
It works, but since it touches each GPO twice I'm thinking there has to be a better way I cannot seem to find.