GPO Admin Template Policy Registry Value

Welcome Forums General PowerShell Q&A GPO Admin Template Policy Registry Value

This topic contains 2 replies, has 2 voices, and was last updated by

2 years, 10 months ago.

  • Author
  • #50121

    Topics: 6
    Replies: 5
    Points: 0
    Rank: Member

    Morning All,

    I`ve been tasked with writing a PowerShell script that generates a report of all of our GPO`s.

    I am wondering if there is a way using the GroupPolicy module to retrieve the location in the registry that an administrative template is modifying.

    For example,

    I have the policy Computer Configuration/Microsoft Office 2013 (Machine)/Updates Enable Automatic Updates set to disabled. Is it possible to get the full path under HKLM that this policy changes?

    I currently use a mix of Win7, Win8.1, and Win10 in my environment. PowerShell 4.0 and above in my environment as well.

  • #50278

    Topics: 1
    Replies: 302
    Points: 141
    Helping Hand
    Rank: Participant

    You can use Get-GPRegistry value but you have to specify the key. I knocked up this script which uses recursion to walk through a group policy object and expanding the key path until it finds a policy setting:

    function Get-GPORegistryKeys {
    param (
        $keyCollection = Get-GPRegistryValue -Name $GPOName -Key $key | Select -ExpandProperty FullKeyPath
        foreach ($subkey in $keyCollection) {
            $keyInfo = Get-GPRegistryValue -Name $GPOName -Key $subKey
            if (($keyInfo.gettype() | Select -expandproperty Name) -eq 'PolicyRegistrySetting') {
                Write-Output "$($keyInfo.fullkeypath)\$($keyInfo.valuename)"
            } #end if 
            else {
                Get-GPORegistryKeys -GPOName $GPOName -key $subkey
            } #end else 
        } #end foreach $subkey
    } #end Get-GPORegistryKeys function
    Get-GPORegistryKeys -GPOName TestSales -Key HKLM\Software


  • #53090

    Topics: 6
    Replies: 5
    Points: 0
    Rank: Member

    Thanks for the reply!

    I've tried the snippet, but the code is failing to produce any results on my machine.

    I've set some breakpoints in the code to see what's going on. It gets down to where some registry values are, but then gets stuck in a recursive loop.

    When stepping through the code, $keyinfo.gettype() returns System.Array for the basetype, object[] for the name.

The topic ‘GPO Admin Template Policy Registry Value’ is closed to new replies.