Getting Windows Events can be painfully slow, but Get-WinEvent and a good filter can really speed things up. Get-GPOEvents.ps1, below, looks for the most recent cycle of user an computer GPO events found in in the Microsoft\Windows\GroupPolicy log. This data can be quite valuable in troubleshooting GPO issues. It works by looking for the user…
Tag: GPO
Remotely Execute GPRESULT, and Collect Results
A common program for troubleshooting group policies is gpresult. Get-GPResult_ps1. This interactive script uses WMI to allow the administrator to target an existing user on the remote computer, and then to run either gpresult /h or gpresult /v. The results are written to a temporary file on the remote machine, then displayed when the data…
Run Group Policy Update on Remote Computer
Run-GPUpdate_ps1 is a simple script to remotely execute gpupdate /force on a remote computer with this command: invoke-command -ScriptBlock { & cmd /c “C:\windows\system32\gpupdate.exe” /force } -Session $s
Report GPOs with Script References
How quickly can you answer this question: Which Group Policies reference batch files, vbscripts, or PowerShells? What is the best way to get the information and present it into a spreadsheet? I did it by searching SysVol for the script.ini and psscript.ini files, then reading the contents for the script path, command line and parameters. …
Launch the Group Policy Editor Outside the MMC
It is annoying that there isn’t a command line for the Group Policy Editor. To edit a GPO you must 1) open the Group Policy Management Console, 2) Open the list of Group Policies, 3) select the GPO you want to edit then 4) launch the editor – I right click and select ‘edit’. A…
Getting GPO GUID, Name from Active Directory
You don’t have to rely on the Group Policy Module to resolve the display name of a GPO from the GUID, or the GUID from the display name. Here are two short functions that will get that information from Active Directory. The first will return the GPO displayname attribute from a GUID. The GUID (sometimes…
Clear GPO Cache on Remote Computer with PowerShell
Clearing the GPO cache on a computer may be the only way to fix a persistent problem. Doing this involves deleting files, registry entries, and rebuilding the security database. Clear-GPOCache.ps1 works by creating a custom batch file on the remote computer, then scheduling a task running as System to run the process with the required…
Update GPOs with Newer Version
If you use GPOs to enforce baselines, you may find that your enterprise is moving from version 1.1 to version 1.2 of a GPO. Unfortunately for you, version 1.1 linked in a dozen places. Wouldn’t you rather just you search for version 1.1 and replace it with version 1.2? Use Update-GPOLinks.ps1 to do just that. …
Get All GPOs Linked to an OU
Get-AllGPOsLinkedToOU.ps1 returns a unique list of all GPO’s linked to an OU. You can also run a onelevel or subtree search to get a unique list of linked OUs at or below the selected OU. You are prompted for the domain, and navigate to desired OU.
Reset GPO Cache
This script deletes the locally stored copies of GPOs and forces a GPUPdate on a computer. Reset-GPOCache.ps1 works by a remote connection to the registry provider to get the path to the Group Policy\History folder, then deletes the files beneath that path. This ensures a fresh application of group polices.