Group Policy RSoP information

Welcome Forums General PowerShell Q&A Group Policy RSoP information

This topic contains 1 reply, has 2 voices, and was last updated by

 
Keymaster
2 years, 6 months ago.

  • Author
    Posts
  • #42511

    Participant
    Points: 1
    Rank: Member

    Hi there,

    I am trying to do some Rsop (Group Policy reporting ) through powershell.

    I am using the simple command gpresult and use invoke-command. If I have logged onto the server previously through RDP then it works fine. I can get the results that i want.

    However I am doing some reporting on what should be applied on those machines that I have not logged onto. This poses a problem because there maybe hundreds of machines that I have not logged into.

    I did find a set of commands written on blog post that creates an xml that I can then read.

    I wrapped it around into a function and inside my lab environment it works fine. It creates the XML that I need and I am happy with that.
    However in my production environment at work

    It fails at this point:

    $gpmRSOP.CreateQueryResults()

    saying :

    Exception calling "CreateQueryResults" with "0" argument(s): "The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)"

    I am guessing that this is due to the fact that WMI is disabled on the hardware firewall. (There is a hardwarefirewall between the two networks)

    Is there any that I can push this through wsman (the servers i am going to target are win2012 r2 machines) so powershell remoting is enabled and the firewall is allowing that to be passed through.

    Is there any way that I can get the local function like this to be run through to the remote one like invoke-command?

    Thank you.

    
    function Export-GPResultantSetPolicyXML
    {
    
    	
    	[CmdletBinding()]
    	param
    	(
    		[Parameter(Mandatory = $true)]
    		[string]$path,
    		[Parameter(Mandatory = $true)]
    		[string]$computername
    	)
    	$xmlpath = Join-Path -Path $Path -ChildPath $computername"-gpresult.xml"
    	$outputfile = $xmlpath
    	$Computername = $computername
    	
    	$gpm = New-Object -ComObject GPmgmt.gpm
    	
    	$constants = $gpm.GetConstants()
    	$gpmRSOP = $GPM.GetRSOP($Constants.RSOPModeLogging, $null, 0)
    	$gpmRSOP.LoggingComputer = $ComputerName
    	$gpmRSOP.LoggingFlags = $Constants.RsopLoggingNoUser
    	$gpmRSOP.CreateQueryResults()
    	$gpmRSOP.GenerateReportToFile($constants.ReportXML, $outputfile)
    }
    
  • #42646

    Keymaster
    Points: 1,704
    Helping HandTeam Member
    Rank: Community Hero

    You could certainly wrap that entire function, and a call to it, in Invoke-Command.

    Invoke-Command -computer 'whatever' -scriptblock {
     function Export-GPResultantSetPolicyXML { ...etc... }
     Export-GPResultantSetPolicyXML -path /what/ever.xml -computer localhost
    }
    

    What might fail for you is the authentication needed to hit WMI – but I'm not sure. "Localhost" has some fun exceptions written into it that might make it work, and I'm not sure what kind of authentication that COM object is using.

The topic ‘Group Policy RSoP information’ is closed to new replies.