This script searches through all GPOs and finds whatever search string you are looking for.
You will need to run this as a domain admin; otherwise you will not see GPOs that only apply to specific security groups your account does not belong to.
This is a very basic search tool. There are “better” ones out there that read the XML properly, but this one is quick to give you the list of GPOs that may be affected by your change so you can
All this does is export each GPO as an XML File and searches it for a text string.
You should verify that what you are looking for already exists in a specific GPO and that when you run this script, that GPO is listed in the results.
So just run the script (as administrator) and then you just need to enter the string you are looking for at the prompt.
So two examples:
- 17F46F6144A6\\Root\\PiMS.exe
  In this example we are looking for an executable, something containing 17F46F6144A6\Root\PiMS.exe. NOTE: We need to escape the \ with another \ for it to work.
- wpad.dat
  In this example we are searching through the GPOs for any reference to wpad.dat
```powershell
Param (
    # String (treated as a regular expression by -match) to look for in each GPO report
    [Parameter(Mandatory=$true,
               ValueFromPipelineByPropertyName=$true,
               Position=0)]
    [String]
    $StringToFind
)

Begin {
    $GPOsToCheck = Get-GPO -All | Sort-Object -Property DisplayName
    Write-Host " Checking through" $GPOsToCheck.count "GPO's"
}
Process {
    $ListOFAffectedGPOs = @()
    $count = 1
    $GPOsToCheckCount = $GPOsToCheck.count
    foreach ($item in $GPOsToCheck) {
        # Export the GPO as an XML report and search its text for the string
        $Result = Get-GPOReport -Name $item.DisplayName -ReportType XML
        if ($Result -match $StringToFind) {
            $ListOFAffectedGPOs += $item.DisplayName
        }
        Write-Host "$count of $GPOsToCheckCount"
        $count++
    }
    Write-Host "List of GPO's that contain $StringToFind" -ForegroundColor Green
    # Output the matching GPO names, then how many there were
    $ListOFAffectedGPOs
    $ListOFAffectedGPOs.count
}
End {
}
```
Example output
PS C:\WINDOWS\system32> .\Get-GPOThatContains.ps1
cmdlet Get-GPOThatContains.ps1 at command pipeline position 1
Supply values for the following parameters:
StringToFind: wpad.dat
Checking through 382 GPO’s
1 of 382
2 of 382
3 of 382
….
381 of 382
382 of 382
List of GPO’s that contain wpad.dat
Win7-Prod-BaseUserPolicy
Exception F12 – IE8 User Policy
Win7-Prod-BaseUserPolicy
IE Settings User Policy
User Policy – WPAD4XP
Win7 – User Internet Explorer Policy
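The need to escape \ comes from -match treating the search string as a regular expression. As an added example (not part of the original script), the variant below escapes the string with [regex]::Escape and reads the report as XML to show which side (Computer or User) and which settings extension matched. The function name Find-GPOLiteralString and the output property names are assumptions, and unlike the original it only searches inside the settings data, not the whole report.

```powershell
# Added example, not the original script. Requires the GroupPolicy module (RSAT).
# Find-GPOLiteralString and its output property names are hypothetical.
function Find-GPOLiteralString {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, Position = 0)]
        [string] $StringToFind
    )

    # Escape regex metacharacters so Root\PiMS.exe can be typed as-is.
    $pattern = [regex]::Escape($StringToFind)

    foreach ($gpo in Get-GPO -All | Sort-Object -Property DisplayName) {
        # Query by GUID: display names are not guaranteed to be unique.
        [xml] $report = Get-GPOReport -Guid $gpo.Id -ReportType Xml

        foreach ($side in 'Computer', 'User') {
            # Each ExtensionData node holds one settings area of the GPO.
            foreach ($ext in @($report.GPO.$side.ExtensionData)) {
                # Skip empty sides and areas that do not contain the string.
                if ($null -eq $ext -or $ext.OuterXml -notmatch $pattern) { continue }

                [pscustomobject]@{
                    GPO       = $gpo.DisplayName
                    Side      = $side
                    Extension = $ext.Name
                    # Where the GPO is linked, i.e. what a change would touch.
                    LinkedTo  = @($report.GPO.LinksTo |
                                  ForEach-Object { $_.SOMPath }) -join '; '
                }
            }
        }
    }
}

# Usage: the backslashes no longer need doubling.
# Find-GPOLiteralString '17F46F6144A6\Root\PiMS.exe' | Format-Table -AutoSize
```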
Enjoy!