zoukankan      html  css  js  c++  java

  • PowerShell 脚本域策略管理

    大中型企业中,会设置许多组策略进行日常运维管理 ,毕然里面也存在许多废弃的策略,需要我们定期清理我们的组策略信息。通常我们导出HTML报告方式来帮助我们分析组策略信息:

    #1

    首先需要加载GroupPolicy模块:

    Import-Module GroupPolicy

    将GPO导出为一个HTML报告:

    Get-GPOReport -All -ReportType html -Path C:GPOReportsGposReport.html

    #2

    将每个GPO导出生成自己的HTML报告中:

    Get-GPO -All | %{

Get-GPOReport -name $_.displayname -ReportType html -path ("c:GPOReports"+$_.displayname+".html")

}

    #3

    让我们查询所有设置被禁用的GPO策略:

    $reportFile = "c:GPOReportsAllSettingsDisabledGpos.csv"

Set-Content -Path $reportFile -Value ("GPO Name,Settings")

Get-GPO -All | where{ $_.GpoStatus -eq "AllSettingsDisabled" } | % {

add-Content -Path $reportFile -Value ($_.displayName+","+$_.gpoStatus)

}

    #4

    查询没有应用到任何用户的Gpo策略

    $reportFile = "c:GPOReportsGPOApplyToPermissions.csv"

Set-Content -Path $reportFile -Value ("GPO Name,User/Group,Denied")

Get-GPO -All | %{

$gpoName = $_.displayName

[int]$counter = 0

$security = $_.GetSecurityInfo()

$security | where{ $_.Permission -eq "GpoApply" } | %{

add-Content -Path $reportFile -Value ($gpoName + "," + $_.trustee.name+","+$_.denied)

$counter += 1

}

if ($counter -eq 0)

{

add-Content -Path $reportFile -Value ($gpoName + ",NOT APPLIED")

}

}

    #4

    获取GPO,链接和WMI过滤器:

    $reportFile = "c:GPOReportsGPOLinksAndWMIFilters.csv"

Set-Content -Path $reportFile -Value ("GPO Name,# Links,Link Path,Enabled,No Override,WMI Filter")

$gpmc = New-Object -ComObject GPMgmt.GPM

$constants = $gpmc.GetConstants()

Get-GPO -All | %{

[int]$counter = 0

[xml]$report = $_.GenerateReport($constants.ReportXML)

try

{

$wmiFilterName = $report.gpo.filtername

}

catch

{

$wmiFilterName = "none"

}

$report.GPO.LinksTo | % {

if ($_.SOMPath -ne $null)

{

$counter += 1

add-Content -Path $reportFile -Value ($report.GPO.Name + "," + $report.GPO.linksto.Count + "," + $_.SOMPath + "," + $_.Enabled + "," + $_.NoOverride + "," + $wmiFilterName)

}

}

if ($counter -eq 0)

{

add-Content -Path $reportFile -Value ($report.GPO.Name + "," + $counter + "," + "NO LINKS" + "," + "NO LINKS" + "," + "NO LINKS")

}

}

    #5

    查询具有阻止GPO继承的组织单位:

    Import-Module ActiveDirectory

$reportFile = "c:GPOReportsOUsWithBlockInharit.csv"

set-Content -Path $reportFile -Value ("Block Inharitance OU Path")

Get-ADOrganizationalUnit -SearchBase "DC=Your,DC=Domain" -Filter * | Get-GPInheritance | Where-Object { $_.GPOInheritanceBlocked } | %{

add-Content -Path $reportFile -Value ($_.path)

}
  • 相关阅读:
    Windows设置多用户同时远程登录
    Scala配置环境变量windows
    Java学习|强引用,软引用,弱引用,幻想引用有什么区别?
    Java学习|Exception和Error有什么区别?
    关于异常处理的几点建议
    win Server 2008 笔记
    .Net 初步学习笔记之三---变量
    认识与入门 MarkDown 标记语言
    C# winform基础 1、Timer不起作用 2、 设置图片透明
    IIS启动失败,启动Windows Process Activation Service时,出现错误13:数据无效 ;HTTP 错误 401.2
  • 原文地址:https://www.cnblogs.com/Aldj/p/8609851.html
Copyright © 2011-2022 走看看