I will need validate the values read from Group Policy and my text file and compare with my own values to see if it matches. It will not be possible for me to install on other computers/servers in order to run my script.
I only tried the GroupPolicy’s module (Get-GPO and etc…) but upon realizing it requires some installation, I started looking for alternatives which I can’t seem to find…
You know there is no built in way to actually read the content of a given GPO, don’t you? You would need to parse the XML output from Get-GPOReport to actually see what’s inside a GPO.
I still did not get what you actually want to achieve and why or what for.
The script should then be able to read my file with audit’s GPO data and also extract the GPO from the system and compare to see if it meets the requirement of having X minimum character as password.
e.g.
Auditing Benchmark
GPO name: PasswordMinLength
Value: 8
XYZ System
GPO name: PasswordMinLength
Value: 10
Upon comparison, the system’s GPO passes the GPO benchmark.
I understand that Get-GPO would be the best solution but in the scenario where the system has restrictions and prevents me from installing or enabling the RSAT feature for GPO module?
By deafult the cmdlet Get-GPO reads the information about GPOs from the AD. You can specify a particular domain or a particular server but you don’t have to run this cmdlet on a server. It can (actually it should) run from any domain joined client with the RSAT module installed.
But … the difficult part of the job would be to parse the GPOs to find the setting you’re after. As far as I know there is no built in or even easy way to do that.