PowerShell – Search all Group Policies (GPO) for a string

This script searches through all GPOs and finds whatever search string you are looking for.
You will need to run it as a domain admin; otherwise you will not see GPOs that apply only to specific security groups your account does not belong to.

This is a very basic search tool. There are “better” ones out there that read the XML properly, but this one is quick to give you the list of GPOs that may be affected by your change so you can

All this does is export each GPO as an XML File and searches it for a text string.

You should verify that what you are looking for already exists in a specific GPO, and that when you run this script, that GPO is listed in the results.

Run the script (as administrator), then enter the string you are looking for at the prompt.

So two examples:

  1. 17F46F6144A6\\Root\\PiMS.exe
    In this example we are looking for an executable, something containing 17F46F6144A6\Root\PiMS.exe. NOTE: the script compares with -match, which treats the search string as a regular expression, so we need to escape the \ with another \ for it to work.
  2. wpad.dat
    In this example we are searching through the GPOs for any reference to wpad.dat

 

    #Requires -Modules GroupPolicy
    Param
    (
        # Text to look for in every GPO report; -match treats it as a regular expression
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        [String]
        $StringToFind
    )

    Begin
    {
        # Get every GPO in the domain, sorted by display name.
        # @() keeps .Count correct even if only one GPO is returned.
        $GPOsToCheck = @(Get-GPO -All | Sort-Object -Property DisplayName)
        Write-Host " Checking through" $GPOsToCheck.Count "GPO's"
    }
    Process
    {
        $ListOFAffectedGPOs = @()
        $count = 1
        $GPOsToCheckCount = $GPOsToCheck.Count
        foreach ($item in $GPOsToCheck)
        {
            # Export the GPO as an XML report (returned as one string)
            $Result = Get-GPOReport -Name $item.DisplayName -ReportType XML

            # Regex match against the whole report text
            if ($Result -match $StringToFind)
            {
                $ListOFAffectedGPOs += $item.DisplayName
            }
            Write-Host "$count of $GPOsToCheckCount"
            $count++
        }
        Write-Host "List of GPO's that contain $StringToFind" -ForegroundColor Green
        $ListOFAffectedGPOs

        # Number of GPOs that matched
        $ListOFAffectedGPOs.Count
    }
    End
    {
    }

 

Example output

    PS C:\WINDOWS\system32> .\Get-GPOThatContains.ps1

    cmdlet Get-GPOThatContains.ps1 at command pipeline position 1
    Supply values for the following parameters:
    StringToFind: wpad.dat
    Checking through 382 GPO's
    1 of 382
    2 of 382
    3 of 382
    ….
    381 of 382
    382 of 382
    List of GPO's that contain wpad.dat
    Win7-Prod-BaseUserPolicy
    Exception F12 – IE8 User Policy
    Win7-Prod-BaseUserPolicy
    IE Settings User Policy
    User Policy – WPAD4XP
    Win7 – User Internet Explorer Policy
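The script above matches the search string as a regular expression against the whole report, so `\` has to be escaped and the `.` in `wpad.dat` matches any character. The following is an added example, not part of the original script: it searches for the string literally and reads the report XML to say which side (Computer or User) and which extension holds the match. The function name `Find-LiteralInGpoReport` and the sample report are constructed for illustration, and the element layout (`GPO` / `Computer` or `User` / `ExtensionData` / `Name`) is assumed to match what `Get-GPOReport -ReportType Xml` emits.

```powershell
# Added example (hypothetical helper, not from the original post).
function Find-LiteralInGpoReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ReportXml,  # text returned by Get-GPOReport -ReportType Xml
        [Parameter(Mandatory)] [string] $Literal     # searched as plain text, not as a regex
    )
    # Escape regex metacharacters so '\' and '.' are matched literally
    $pattern = [regex]::Escape($Literal)
    $doc = [xml]$ReportXml

    foreach ($scope in 'Computer', 'User') {
        # Each configured extension in a scope is one ExtensionData element
        foreach ($ext in $doc.GPO.$scope.ExtensionData) {
            if ($ext.OuterXml -match $pattern) {
                [pscustomobject]@{
                    GPO       = $doc.GPO.Name
                    Scope     = $scope
                    Extension = $ext.Name
                }
            }
        }
    }
}

# Constructed sample report: the Computer side holds a near miss ("wpadXdat")
# that an unescaped regex 'wpad.dat' would also match; the User side holds the real reference.
$sample = @'
<GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings">
  <Name>Constructed-Proxy-Policy</Name>
  <Computer><ExtensionData><Extension><Value>wpadXdat-decoy</Value></Extension>
    <Name>Registry</Name></ExtensionData></Computer>
  <User><ExtensionData><Extension><Value>http://proxy.example/wpad.dat</Value></Extension>
    <Name>Internet Explorer Maintenance</Name></ExtensionData></User>
</GPO>
'@

# Only the User-side extension is reported for the literal string
Find-LiteralInGpoReport -ReportXml $sample -Literal 'wpad.dat'

# Against a real domain (requires the GroupPolicy module):
# Get-GPO -All | ForEach-Object {
#     Find-LiteralInGpoReport -ReportXml (Get-GPOReport -Guid $_.Id -ReportType Xml) -Literal '17F46F6144A6\Root\PiMS.exe'
# }
```

With literal matching the path from the first example is typed with single backslashes, and fetching each report by GUID avoids ambiguity when two GPOs share a display name.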

 

Enjoy!
