| Author | external help file | Module Guid | Module Name | online version | schema |
|---|---|---|---|---|---|
Paul Boyer |
psvault-GroupPolicy-help.xml |
4891e4cf-7930-44f4-b133-4a167147f456 |
psvault-GroupPolicy |
2.0.0 |
Script to report GPOs in a domain that do not have accessible ACLs applied.
Check-GPPermissions [[-FilePath] <String>] [-Fix] [[-Exclude] <String[]>] [<CommonParameters>]
The script will evaluate which GPOs are lacking 'Apply' permissions for either Authenticated Users or Domain Computers. If neither permission is applied, the group policies themselves will not be applied. However, sometimes when a GPO is to be limited to a specific security group it is necessary to make the ACLs more targeted. With this in mind, certain GUIDs can excluded from the report.
Check-GPPermissions -FilePath C:\Temp\Report.txt
Check-GPPermissions -Fix
Path to where the report should be saved. This should be a .txt file.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSwitch parameter that will send the script into an interactive mode to fix the missing ACLs on GPOs
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: FalseString Array of GUIDs to exclude from evaluation
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.