Group Policy Results

This topic contains 4 replies, has 3 voices, and was last updated by Jamie Davenport 1 year, 3 months ago.

  • #31044
    Jamie Davenport
    Participant

    I have "Bing'd", looked in help in PowerShell, and searched through forums, but I have not found anything to match what I'm looking for. Therefore I am wondering if it exists or if I have overlooked something.

    Is there any form of PowerShell command that is equivalent to using Group Policy Management to run "Group Policy Results" against a remote machine and pull back within the PowerShell window the results?
    The goal is to see what's applied and what those settings are for a computer and a user.

    Any assistance is appreciated.

  • #31045
    Richard Siddaway
    Moderator

    Try
    Get-GPResultantSetOfPolicy

    from the GroupPolicy module. It's available in Windows Server 2012 and later and the corresponding RSAT tools.
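
One way to run the cmdlet named in the reply above against a remote machine and list the GPOs from its report in the PowerShell window, as an added example that is not part of the original thread. The function name `Get-RsopGpoSummary` is hypothetical, the computer and user names are constructed, and the XML element names are assumptions to confirm against a generated report.

```powershell
# Added example. Requires the GroupPolicy module (RSAT) and rights to read
# RSoP data on the remote machine.
Import-Module GroupPolicy

function Get-RsopGpoSummary {
    param(
        [Parameter(Mandatory)][string]$Computer,   # remote machine to query
        [Parameter(Mandatory)][string]$User,       # DOMAIN\user who has logged on there
        [string]$ReportPath = (Join-Path $env:TEMP "rsop-$Computer.xml")
    )

    # The cmdlet writes its report to the file given by -Path.
    Get-GPResultantSetOfPolicy -Computer $Computer -User $User `
        -ReportType Xml -Path $ReportPath | Out-Null

    [xml]$report = Get-Content -Path $ReportPath -Raw

    # Assumed report layout: Rsop/ComputerResults/GPO and Rsop/UserResults/GPO,
    # each GPO carrying Name, Enabled, AccessDenied, FilterAllowed and Link/SOMPath.
    foreach ($scope in 'ComputerResults', 'UserResults') {
        foreach ($gpo in @($report.Rsop.$scope.GPO)) {
            if ($null -eq $gpo) { continue }       # scope missing from the report
            [pscustomobject]@{
                Scope         = $scope -replace 'Results$'
                GPO           = $gpo.Name
                LinkedAt      = @($gpo.Link.SOMPath) -join '; '
                Enabled       = $gpo.Enabled
                AccessDenied  = $gpo.AccessDenied   # true: GPO could not be read
                FilterAllowed = $gpo.FilterAllowed  # false: filtered out
            }
        }
    }
}

# Constructed sample names; replace with a real computer and account.
Get-RsopGpoSummary -Computer 'PC01' -User 'CONTOSO\jdoe' |
    Sort-Object Scope, GPO | Format-Table -AutoSize
```

The full XML file left at `$ReportPath` also holds the individual settings, so the same approach extends to comparing a machine against an expected baseline.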

  • #31046
    Don Jones
    Keymaster
  • #31047
    Don Jones
    Keymaster

    Although, I should point out that RSOP isn't exactly the same as what you said. This isn't going to reach out to a machine and necessarily see what's applied. What it's going to do is reach out and see what **should have applied**, which isn't exactly the same thing. Group Policy as a technology doesn't have a way to test for the application of what was supposed to be applied – it kind of just assumes that whatever should have worked, did.

  • #31051
    Jamie Davenport
    Participant

    Thanks for the input. I think I found something closer by using a combination of PowerShell and a command-line utility. It doesn't give me the details that I want but it does give me policies applied to the user/computer, the security groups the objects have, and when it was applied based off of who was logged in.
    Here is what it is if anyone can use it and maybe build off of it.

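    # Remote computer to query (placeholder value; the posted line had HostName spliced in by an outer script)
    $HostName = 'COMPUTERNAME'
    # Owner of explorer.exe = interactively logged-on user; assumes only one such user
    $LoggedOnUser = Get-WMIObject Win32_Process -Filter 'name="explorer.exe"' -ComputerName $HostName |
        ForEach-Object { $owner = $_.GetOwner(); '{0}\{1}' -f $owner.Domain, $owner.User } |
        Sort-Object | Get-Unique
    # Summary RSoP data (/r) for that user on the remote machine
    gpresult /s $HostName /user $LoggedOnUser /r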
    
