如何进行PowerShell 脚本域策略管理

如何进行PowerShell 脚本域策略管理，很多新手对此不是很清楚，为了帮助大家解决这个难题，下面小编将为大家详细讲解，有这方面需求的人可以来学习下，希望你能有所收获。

大中型企业中，会设置许多组策略进行日常运维管理 ，毕然里面也存在许多废弃的策略，需要我们定期清理我们的组策略信息。通常我们导出HTML报告方式来帮助我们分析组策略信息：

#1

首先需要加载GroupPolicy模块：

Import-Module GroupPolicy

将GPO导出为一个HTML报告：

Get-GPOReport -All -ReportType html -Path C:\GPOReports\GposReport.html

#2

将每个GPO导出生成自己的HTML报告中：

Get-GPO -All | %{Get-GPOReport -name $_.displayname -ReportType html -path ("c:\GPOReports\"+$_.displayname+".html")}

#3

让我们查询所有设置被禁用的GPO策略：

$reportFile = "c:\GPOReports\AllSettingsDisabledGpos.csv"Set-Content -Path $reportFile -Value ("GPO Name,Settings")Get-GPO -All | where{ $_.GpoStatus -eq "AllSettingsDisabled" } | % {add-Content -Path $reportFile -Value ($_.displayName+","+$_.gpoStatus)}

#4

查询没有应用到任何用户的Gpo策略

$reportFile = "c:\GPOReports\GPOApplyToPermissions.csv"Set-Content -Path $reportFile -Value ("GPO Name,User/Group,Denied")Get-GPO -All | %{$gpoName = $_.displayName[int]$counter = 0$security = $_.GetSecurityInfo()$security | where{ $_.Permission -eq "GpoApply" } | %{add-Content -Path $reportFile -Value ($gpoName + "," + $_.trustee.name+","+$_.denied)$counter += 1}if ($counter -eq 0){add-Content -Path $reportFile -Value ($gpoName + ",NOT APPLIED")}}

#4

获取GPO，链接和WMI过滤器：

$reportFile = "c:\GPOReports\GPOLinksAndWMIFilters.csv"Set-Content -Path $reportFile -Value ("GPO Name,# Links,Link Path,Enabled,No Override,WMI Filter")$gpmc = New-Object -ComObject GPMgmt.GPM$constants = $gpmc.GetConstants()Get-GPO -All | %{[int]$counter = 0[xml]$report = $_.GenerateReport($constants.ReportXML)try{$wmiFilterName = $report.gpo.filtername}catch{$wmiFilterName = "none"}$report.GPO.LinksTo | % {if ($_.SOMPath -ne $null){$counter += 1add-Content -Path $reportFile -Value ($report.GPO.Name + "," + $report.GPO.linksto.Count + "," + $_.SOMPath + "," + $_.Enabled + "," + $_.NoOverride + "," + $wmiFilterName)}}if ($counter -eq 0){add-Content -Path $reportFile -Value ($report.GPO.Name + "," + $counter + "," + "NO LINKS" + "," + "NO LINKS" + "," + "NO LINKS")}}

#5

查询具有阻止GPO继承的组织单位：

Import-Module ActiveDirectory$reportFile = "c:\GPOReports\OUsWithBlockInharit.csv"set-Content -Path $reportFile -Value ("Block Inharitance OU Path")Get-ADOrganizationalUnit -SearchBase "DC=Your,DC=Domain" -Filter * | Get-GPInheritance | Where-Object { $_.GPOInheritanceBlocked } | %{add-Content -Path $reportFile -Value ($_.path)}

看完上述内容是否对您有帮助呢？如果还想对相关知识有进一步的了解或阅读更多相关文章，请关注行业资讯频道，感谢您对的支持。