Thursday, March 24, 2016

Finding scripts in GPOs

For this case I wrote a simple, easy-to-read PowerShell script that finds GPOs containing scripts and the OUs those GPOs are linked to. The script requires domain administrator credentials to enumerate the GPOs' machine startup folders. To populate the $dc and $dom variables, it asks for an online domain controller and the domain name. It then enumerates the policy folders, searching for files with the vbs, bat, and vbe extensions. A regex extracts the GPO GUID found between the curly brackets "{}" in each file's full path. Using that GUID, the script resolves the GPO name and the OUs where the GPO is linked. At the end the script outputs the data.

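# Requires the GroupPolicy and ActiveDirectory modules (RSAT)
Import-Module GroupPolicy, ActiveDirectory

$dc = Read-Host "Online DC (example:dc1)"
$dom = Read-Host "Domain name (example:domain.com)"

# Find script files under the Policies share and pull the GPO GUID (the text between "{}") out of each full path
Get-ChildItem \\$dc\SYSVOL\$dom\Policies -Include *.vbs,*.bat,*.vbe -Recurse | Select-Object -ExpandProperty FullName | Select-String -Pattern "(?<=\{).*?(?=\})" | ForEach-Object {

    $id = $_.Matches[0].Value
    # Resolve the GPO name and the OUs whose gPLink attribute references this GUID
    $gpo = Get-GPO -Guid $id
    $ou = Get-ADOrganizationalUnit -LDAPFilter "(gPLink=*$id*)"

    # Full path of the script file
    Write-Host $_
    Write-Host "GPOName=" -ForegroundColor Red -NoNewline
    Write-Host $gpo.DisplayName -NoNewline
    Write-Host "`tStatus=" -ForegroundColor Yellow -NoNewline
    Write-Host $gpo.GpoStatus
    Write-Host "OUlinks=" -ForegroundColor Green -NoNewline
    Write-Host $ou.Name
    Write-Host " "

}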


Feel free to customize or modify the script to satisfy your needs.
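
A variant of the script above, added here as an example and not the author's own code: it returns objects instead of coloured console text, so the result can be sorted, filtered or exported, and it goes beyond the original by recording each script's last-modified time and SHA-256 hash and by listing links at the domain root as well as on OUs. The function name Get-GpoScriptInventory and the output property names are assumptions; it assumes PowerShell 4 or later with the GroupPolicy and ActiveDirectory modules.

```powershell
# Added example (not from the original post). Function and property names are hypothetical.
Import-Module GroupPolicy, ActiveDirectory

function Get-GpoScriptInventory {
    param(
        [Parameter(Mandatory)] [string] $DomainController,   # e.g. dc1
        [Parameter(Mandatory)] [string] $DomainName          # e.g. domain.com
    )

    $root = "\\$DomainController\SYSVOL\$DomainName\Policies"

    Get-ChildItem -Path $root -Include *.vbs, *.bat, *.vbe -Recurse -File | ForEach-Object {
        # The GPO GUID is the text between the curly brackets in the full path
        if ($_.FullName -notmatch '\{(?<guid>[0-9A-Fa-f-]{36})\}') { return }
        $id = $Matches['guid']

        # A policy folder can outlive its GPO; do not let that stop the inventory
        try   { $gpo = Get-GPO -Guid $id -Domain $DomainName -Server $DomainController -ErrorAction Stop }
        catch { $gpo = $null }

        # Get-ADObject returns the domain root as well as OUs.
        # Site links live in the configuration partition and are not searched here.
        $links = Get-ADObject -Server $DomainController -LDAPFilter "(gPLink=*$id*)"

        [pscustomobject]@{
            Script    = $_.FullName
            Modified  = $_.LastWriteTime
            SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            GpoName   = if ($gpo) { $gpo.DisplayName } else { '<no matching GPO>' }
            GpoStatus = if ($gpo) { $gpo.GpoStatus } else { $null }
            LinkedTo  = ($links.DistinguishedName -join '; ')
        }
    }
}

# Usage (values are the examples from the prompts in the original script):
# Get-GpoScriptInventory -DomainController dc1 -DomainName domain.com |
#     Export-Csv .\gpo-scripts.csv -NoTypeInformation
```

Keeping the exported CSV from one run and comparing the SHA256 and Modified columns against the next run shows which SYSVOL scripts changed in between.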
 
