-
Notifications
You must be signed in to change notification settings - Fork 0
/
Windows GPO
52 lines (38 loc) · 1.19 KB
/
Windows GPO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
Export/Import
--------------------
Pre-Requisite:
Microsoft Security Compliance Toolkit i,e LGPO
Copy LGPO to C:Temp
Export:
lgpo.exe /b C:\Temp /n “"Hostname"_GPO_BACKUP”
Parse to txt file:
MACINE|LGPO.exe /parse /m C:\Temp\LGPO_Backup\DomainSysvol\GPO\Machine\registry.pol >> C:\Temp\lgpo.txt
USER|LGPO.exe /parse /m C:\Temp\LGPO_Backup\DomainSysvol\GPO\User\registry.pol >> C:\Temp\lgpo.txt
Any GPOs not needed can be removed
To reset a GPO to un configured add a DELTE. i.e
"
Computer
Software\Policies\Microsoft\Windows\WindowsUpdate
WUStatusServer
DELETE
"
Import:
LGPO.exe /t C:\Temp\lgpo.txt
View Applied GPOs:
gpresult /r
View Applied GPOs based on username:
gpresult /r /user username
Export GPO report:
gpresult /h path_to_report\gp_report.html
Export GPO report based on username:
gpresult /h /user username path_to_report\gpreport.html
GPUdate on remote computer:
Invoke-GPUpdate -Computer "DOMAIN\COMP01"
Run Report on all GPOs:
Get-GPOReport -All -ReportType HTML -Path "C:\tmp\AllGPOs.html"
Obtain specific GPO:
Get-GPO -Name "screenaver"
vie GPO based on GUID:
Get-GPO -Guid "guid here"
Export GPO based on GUID:
Get-GPOReport -Guid "guid here" -ReportType HTML -Path "C:\GPO.html"