none
Extract Default Domain Policy - Security Setting's report using Powershell RRS feed

  • Question

  • Hi Experts,

    Is it possible to extract Security Settings report from Default Domain Policy (i.e. Minimum password age, length, lockout duration, etc.)for bulk windows servers using Powershell scripts?

    Regards,

    Ravi 


    • Edited by Rai01 Monday, July 2, 2018 6:35 AM
    • Moved by Bill_Stewart Wednesday, September 5, 2018 10:00 PM This is not "scripts on demand"
    Monday, July 2, 2018 6:34 AM

All replies

  • Hi jrv,

    I am using following script to generate GPO Default Policy Report for bulk servers, but it just generating an empty output html file. 

    Can you please advise what is missing? 

    function GPOreport { 
    $computers = Get-Content 'C:\servers.txt'
    $ErrorActionPreference = 'Stop'   
    ForEach ($computer in $computers) {  
    
    try  
    { 
    
     Get-GPOReport -Name "Default Domain Policy" -Server $computer -ReportType Html 
    
    } 
    
    catch  
    
    { 
      Add-content $computer -path "$env:USERPROFILE\Desktop\Notreachable_Servers.txt"
    }  
    } 
    
    } 
    GPOreport > "$env:USERPROFILE\Desktop\GPOReport.html"

    Thanks 

    Monday, July 2, 2018 11:59 PM
  • You cannot put more than on report per file:

    function GPOreport { 
        $computers = Get-Content 'C:\servers.txt'
        ForEach ($computer in $computers) {  
            try{ 
                Get-GPOReport -Name "Default Domain Policy" -Server $computer -ReportType Html -ErrorAction Stop |
                    Out-File "$env:USERPROFILE\Desktop\$computer.html"
            } 
            catch{ 
              Add-content $computer -path "$env:USERPROFILE\Desktop\Notreachable_Servers.txt"
            } 
        }
    }
    GPOreport


    \_(ツ)_/

    Tuesday, July 3, 2018 12:09 AM
  • That make sense, thanks.

    However, I am getting following error while running below command:

    COMMAND 
    
    
     Get-GPOReport -Name "Default Domain Policy" -Server AU-ABCTEST645 -ReportType Html -ErrorAction Stop | Out-File "$env:USERPROFILE\Desktop\$computer.html"
    
    
    RESULT 
    
    Get-GPOReport : The server is not operational. (Exception from HRESULT: 0x8007203A)
    At line:1 char:1
    + Get-GPOReport -Name "Default Domain Policy" -Server AU-ABCTEST534 -Rep ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Get-GPOReport], COMException
        + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Microsoft.GroupPolicy.Commands.GetGpoReportCommand


    Tuesday, July 3, 2018 12:20 AM
  • Not a scripting issue.  Fix the bad server.


    \_(ツ)_/

    Tuesday, July 3, 2018 12:23 AM
  • Alright, thanks 
    Tuesday, July 3, 2018 12:25 AM