Group Policy RSoP information

This topic contains 1 reply, has 2 voices, and was last updated by Don Jones 5 months, 3 weeks ago.

  • #42511
    Wei-Yen Tan
    Participant

    Hi there,

    I am trying to do some RSoP (Group Policy reporting) through PowerShell.

    I am using the simple command gpresult with Invoke-Command. If I have logged onto the server previously through RDP then it works fine. I can get the results that I want.

    However, I am doing some reporting on what should be applied on those machines that I have not logged onto. This poses a problem because there may be hundreds of machines that I have not logged into.

    I did find a set of commands in a blog post that creates an XML file that I can then read.

    I wrapped it into a function and inside my lab environment it works fine. It creates the XML that I need and I am happy with that.

    However, in my production environment at work it fails at this point:

    $gpmRSOP.CreateQueryResults()

    saying:

    Exception calling "CreateQueryResults" with "0" argument(s): "The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)"

    I am guessing that this is due to the fact that WMI is disabled on the hardware firewall. (There is a hardware firewall between the two networks.)

    Is there any way that I can push this through WSMan? The servers I am going to target are Win2012 R2 machines, so PowerShell remoting is enabled and the firewall is allowing that to be passed through.

    Is there any way that I can get a local function like this to be run on the remote machine, like with Invoke-Command?

    Thank you.

    
    function Export-GPResultantSetPolicyXML
    {
    	[CmdletBinding()]
    	param
    	(
    		[Parameter(Mandatory = $true)]
    		[string]$path,
    		[Parameter(Mandatory = $true)]
    		[string]$computername
    	)
    	# Report file: <path>\<computername>-gpresult.xml
    	$outputfile = Join-Path -Path $path -ChildPath "$($computername)-gpresult.xml"
    	
    	# GPMC COM object
    	$gpm = New-Object -ComObject GPmgmt.gpm
    	
    	$constants = $gpm.GetConstants()
    	# RSoP in logging mode, computer settings only (no user)
    	$gpmRSOP = $gpm.GetRSOP($constants.RSOPModeLogging, $null, 0)
    	$gpmRSOP.LoggingComputer = $computername
    	$gpmRSOP.LoggingFlags = $constants.RsopLoggingNoUser
    	# This is the call that contacts the target computer
    	$gpmRSOP.CreateQueryResults()
    	$gpmRSOP.GenerateReportToFile($constants.ReportXML, $outputfile)
    }
    
  • #42646
    Don Jones
    Keymaster

    You could certainly wrap that entire function, and a call to it, in Invoke-Command.

    Invoke-Command -computer 'whatever' -scriptblock {
     function Export-GPResultantSetPolicyXML { ...etc... }
     Export-GPResultantSetPolicyXML -path /what/ever.xml -computer localhost
    }
    

    What might fail for you is the authentication needed to hit WMI – but I'm not sure. "Localhost" has some fun exceptions written into it that might make it work, and I'm not sure what kind of authentication that COM object is using.
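
The approach from the reply, written out for a list of machines. This is an added example, not code from either poster: the RSoP query runs on each target against localhost inside a WinRM session, and the report comes back over that same session, so no RPC/WMI traffic has to cross the firewall. The server names and the report folder are constructed placeholders, and it assumes the GPMC feature (which provides the GPMgmt.GPM COM object) is installed on each target.

```powershell
$targets   = 'SERVER01', 'SERVER02'   # constructed placeholder names
$reportDir = 'C:\Reports\RSoP'        # constructed local output folder

# Script block that runs ON the target machine.
$remoteRsop = {
    $tmp = Join-Path -Path $env:TEMP -ChildPath ([guid]::NewGuid().ToString() + '.xml')
    try {
        $gpm       = New-Object -ComObject GPMgmt.GPM
        $constants = $gpm.GetConstants()
        $rsop      = $gpm.GetRSOP($constants.RSOPModeLogging, $null, 0)
        $rsop.LoggingComputer = 'localhost'            # query the machine we are on
        $rsop.LoggingFlags    = $constants.RsopLoggingNoUser
        $rsop.CreateQueryResults()
        $null = $rsop.GenerateReportToFile($constants.ReportXML, $tmp)
        # Return the raw bytes so the report's encoding is preserved exactly.
        # The leading comma keeps the byte array from being unrolled.
        , [System.IO.File]::ReadAllBytes($tmp)
    }
    finally {
        # Do not leave policy reports behind in the remote temp folder.
        Remove-Item -Path $tmp -ErrorAction SilentlyContinue
    }
}

New-Item -ItemType Directory -Path $reportDir -Force | Out-Null

foreach ($computer in $targets) {
    try {
        [byte[]]$bytes = Invoke-Command -ComputerName $computer `
                                        -ScriptBlock $remoteRsop -ErrorAction Stop
        $out = Join-Path -Path $reportDir -ChildPath "${computer}-gpresult.xml"
        [System.IO.File]::WriteAllBytes($out, $bytes)
        Write-Output "${computer}: saved $out"
    }
    catch {
        # One unreachable or failing host should not stop the whole run.
        Write-Warning "${computer}: $($_.Exception.Message)"
    }
}
```

If the COM call is refused inside the remote session (the authentication concern raised in the reply), the failure shows up as a per-host warning instead of ending the loop.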
