More on searching group policy

Here’s a quick follow-up to our last post on the existence of GPO search. One of our MVPs, Alan, has a great post up about a Group Policy Search webapp (Previously mentioned on this blog). It includes instructions on how to install a Windows Search connector – so you can use this search right from Windows Explorer!

 

Someone noted that you can't search for comments in the GPMC search. Very true! However, by using the "Description" property exposed by Group Policy cmdlets in Powershell, we might be able to make something work…

 

This script searches for policies with comments and displays them:

 

 

import-module grouppolicy; #use group policy cmdlet

$arrPolicy = get-gpo –all; #get all GPOs and store them in an array

$arrCommented = @(); #create an empty array for GPOs matching our criteria (in this case, commented GPOs)

Foreach($GPO in $arrPolicy) {

 If ($GPO.Description) { $arrCommented += $GPO; } #if it has a comment, add it to the array

}

Write-output (format-list –property DisplayName, Description –inputobject $arrCommented); #Make it look pretty and then print it

 

This script searches for policies with comments and displays them. In Powershell, you can test for the existence of a property with  if($property) and the non-existence of a property  if(!$property) . (These statements can also be understood as:

 if ($property -eq $NULL) and if($property –ne $NULL)

respectively.  Just one of the many shortcuts Powershell provides!)

Once you have this up and running, you can try a few other things. Want to search for a specific substring within the comments? Replace the if-statement above with these two lines:

If ($GPO.Description)

{ if ( $GPO.Description.contains(“foo”) ) {$arrCommented += $GPO; } }

The first if-statement is still checking for existence, so the second if-statement can be assured the description exists – and look through it for any specific string.

Of course, this script probably could be reduced down to a few lines. If anyone wants to go golfing with this script, post your best entry in the comments!

No Comments