Author Posts

June 10, 2016 at 12:27 am

Hi there,

I am trying to do some Rsop (Group Policy reporting ) through powershell.

I am using the simple command gpresult and use invoke-command. If I have logged onto the server previously through RDP then it works fine. I can get the results that i want.

However I am doing some reporting on what should be applied on those machines that I have not logged onto. This poses a problem because there maybe hundreds of machines that I have not logged into.

I did find a set of commands written on blog post that creates an xml that I can then read.

I wrapped it around into a function and inside my lab environment it works fine. It creates the XML that I need and I am happy with that.
However in my production environment at work

It fails at this point:


saying :

Exception calling "CreateQueryResults" with "0" argument(s): "The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)"

I am guessing that this is due to the fact that WMI is disabled on the hardware firewall. (There is a hardwarefirewall between the two networks)

Is there any that I can push this through wsman (the servers i am going to target are win2012 r2 machines) so powershell remoting is enabled and the firewall is allowing that to be passed through.

Is there any way that I can get the local function like this to be run through to the remote one like invoke-command?

Thank you.

function Export-GPResultantSetPolicyXML

		[Parameter(Mandatory = $true)]
		[Parameter(Mandatory = $true)]
	$xmlpath = Join-Path -Path $Path -ChildPath $computername"-gpresult.xml"
	$outputfile = $xmlpath
	$Computername = $computername
	$gpm = New-Object -ComObject GPmgmt.gpm
	$constants = $gpm.GetConstants()
	$gpmRSOP = $GPM.GetRSOP($Constants.RSOPModeLogging, $null, 0)
	$gpmRSOP.LoggingComputer = $ComputerName
	$gpmRSOP.LoggingFlags = $Constants.RsopLoggingNoUser
	$gpmRSOP.GenerateReportToFile($constants.ReportXML, $outputfile)

June 12, 2016 at 8:44 pm

You could certainly wrap that entire function, and a call to it, in Invoke-Command.

Invoke-Command -computer 'whatever' -scriptblock {
 function Export-GPResultantSetPolicyXML { ...etc... }
 Export-GPResultantSetPolicyXML -path /what/ever.xml -computer localhost

What might fail for you is the authentication needed to hit WMI – but I'm not sure. "Localhost" has some fun exceptions written into it that might make it work, and I'm not sure what kind of authentication that COM object is using.