如何进行PowerShell 脚本域策略管理,很多新手对此不是很清楚,为了帮助大家解决这个难题,下面小编将为大家详细讲解,有这方面需求的人可以来学习下,希望你能有所收获。
大中型企业中,会设置许多组策略进行日常运维管理 ,毕然里面也存在许多废弃的策略,需要我们定期清理我们的组策略信息。通常我们导出HTML报告方式来帮助我们分析组策略信息:
#1
首先需要加载GroupPolicy模块:
Import-Module GroupPolicy
将GPO导出为一个HTML报告:
Get-GPOReport -All -ReportType html -Path C:\GPOReports\GposReport.html
#2
将每个GPO导出生成自己的HTML报告中:
Get-GPO -All | %{
Get-GPOReport -name $_.displayname -ReportType html -path ("c:\GPOReports\"+$_.displayname+".html")
}#3
让我们查询所有设置被禁用的GPO策略:
$reportFile = "c:\GPOReports\AllSettingsDisabledGpos.csv"
Set-Content -Path $reportFile -Value ("GPO Name,Settings")
Get-GPO -All | where{ $_.GpoStatus -eq "AllSettingsDisabled" } | % {
add-Content -Path $reportFile -Value ($_.displayName+","+$_.gpoStatus)
}#4
查询没有应用到任何用户的Gpo策略
$reportFile = "c:\GPOReports\GPOApplyToPermissions.csv"
Set-Content -Path $reportFile -Value ("GPO Name,User/Group,Denied")
Get-GPO -All | %{
$gpoName = $_.displayName
[int]$counter = 0
$security = $_.GetSecurityInfo()
$security | where{ $_.Permission -eq "GpoApply" } | %{
add-Content -Path $reportFile -Value ($gpoName + "," + $_.trustee.name+","+$_.denied)
$counter += 1
}
if ($counter -eq 0)
{
add-Content -Path $reportFile -Value ($gpoName + ",NOT APPLIED")
}
}#4
获取GPO,链接和WMI过滤器:
$reportFile = "c:\GPOReports\GPOLinksAndWMIFilters.csv"
Set-Content -Path $reportFile -Value ("GPO Name,# Links,Link Path,Enabled,No Override,WMI Filter")
$gpmc = New-Object -ComObject GPMgmt.GPM
$constants = $gpmc.GetConstants()
Get-GPO -All | %{
[int]$counter = 0
[xml]$report = $_.GenerateReport($constants.ReportXML)
try
{
$wmiFilterName = $report.gpo.filtername
}
catch
{
$wmiFilterName = "none"
}
$report.GPO.LinksTo | % {
if ($_.SOMPath -ne $null)
{
$counter += 1
add-Content -Path $reportFile -Value ($report.GPO.Name + "," + $report.GPO.linksto.Count + "," + $_.SOMPath + "," + $_.Enabled + "," + $_.NoOverride + "," + $wmiFilterName)
}
}
if ($counter -eq 0)
{
add-Content -Path $reportFile -Value ($report.GPO.Name + "," + $counter + "," + "NO LINKS" + "," + "NO LINKS" + "," + "NO LINKS")
}
}#5
查询具有阻止GPO继承的组织单位:
Import-Module ActiveDirectory
$reportFile = "c:\GPOReports\OUsWithBlockInharit.csv"
set-Content -Path $reportFile -Value ("Block Inharitance OU Path")
Get-ADOrganizationalUnit -SearchBase "DC=Your,DC=Domain" -Filter * | Get-GPInheritance | Where-Object { $_.GPOInheritanceBlocked } | %{
add-Content -Path $reportFile -Value ($_.path)
}看完上述内容是否对您有帮助呢?如果还想对相关知识有进一步的了解或阅读更多相关文章,请关注亿速云行业资讯频道,感谢您对亿速云的支持。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。
