您好,登錄后才能下訂單哦!
如何進行PowerShell 腳本域策略管理,很多新手對此不是很清楚,為了幫助大家解決這個難題,下面小編將為大家詳細講解,有這方面需求的人可以來學習下,希望你能有所收獲。
大中型企業中,會設置許多組策略進行日常運維管理 ,畢然里面也存在許多廢棄的策略,需要我們定期清理我們的組策略信息。通常我們導出HTML報告方式來幫助我們分析組策略信息:
#1
首先需要加載GroupPolicy模塊:
Import-Module GroupPolicy
將GPO導出為一個HTML報告:
Get-GPOReport -All -ReportType html -Path C:\GPOReports\GposReport.html
#2
將每個GPO導出生成自己的HTML報告中:
Get-GPO -All | %{ Get-GPOReport -name $_.displayname -ReportType html -path ("c:\GPOReports\"+$_.displayname+".html") }
#3
讓我們查詢所有設置被禁用的GPO策略:
$reportFile = "c:\GPOReports\AllSettingsDisabledGpos.csv" Set-Content -Path $reportFile -Value ("GPO Name,Settings") Get-GPO -All | where{ $_.GpoStatus -eq "AllSettingsDisabled" } | % { add-Content -Path $reportFile -Value ($_.displayName+","+$_.gpoStatus) }
#4
查詢沒有應用到任何用戶的Gpo策略
$reportFile = "c:\GPOReports\GPOApplyToPermissions.csv" Set-Content -Path $reportFile -Value ("GPO Name,User/Group,Denied") Get-GPO -All | %{ $gpoName = $_.displayName [int]$counter = 0 $security = $_.GetSecurityInfo() $security | where{ $_.Permission -eq "GpoApply" } | %{ add-Content -Path $reportFile -Value ($gpoName + "," + $_.trustee.name+","+$_.denied) $counter += 1 } if ($counter -eq 0) { add-Content -Path $reportFile -Value ($gpoName + ",NOT APPLIED") } }
#4
獲取GPO,鏈接和WMI過濾器:
$reportFile = "c:\GPOReports\GPOLinksAndWMIFilters.csv" Set-Content -Path $reportFile -Value ("GPO Name,# Links,Link Path,Enabled,No Override,WMI Filter") $gpmc = New-Object -ComObject GPMgmt.GPM $constants = $gpmc.GetConstants() Get-GPO -All | %{ [int]$counter = 0 [xml]$report = $_.GenerateReport($constants.ReportXML) try { $wmiFilterName = $report.gpo.filtername } catch { $wmiFilterName = "none" } $report.GPO.LinksTo | % { if ($_.SOMPath -ne $null) { $counter += 1 add-Content -Path $reportFile -Value ($report.GPO.Name + "," + $report.GPO.linksto.Count + "," + $_.SOMPath + "," + $_.Enabled + "," + $_.NoOverride + "," + $wmiFilterName) } } if ($counter -eq 0) { add-Content -Path $reportFile -Value ($report.GPO.Name + "," + $counter + "," + "NO LINKS" + "," + "NO LINKS" + "," + "NO LINKS") } }
#5
查詢具有阻止GPO繼承的組織單位:
Import-Module ActiveDirectory $reportFile = "c:\GPOReports\OUsWithBlockInharit.csv" set-Content -Path $reportFile -Value ("Block Inharitance OU Path") Get-ADOrganizationalUnit -SearchBase "DC=Your,DC=Domain" -Filter * | Get-GPInheritance | Where-Object { $_.GPOInheritanceBlocked } | %{ add-Content -Path $reportFile -Value ($_.path) }
看完上述內容是否對您有幫助呢?如果還想對相關知識有進一步的了解或閱讀更多相關文章,請關注億速云行業資訊頻道,感謝您對億速云的支持。
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。