[edited]join/merge out from xml output column wise using powershell

I managed to output part of garbage output of RSOP Policies /Security Options only using WMI

Get-WMIObject RSOP_SecuritySettings -namespace root\rsop\computer | where {$_.precedence -eq 1 } |Ft

or using XML

$xmlfile = "C:\share\reference.xml"
$xmldoc = New-Object System.XML.XMLDocument
$xmldoc.Load($xmlfile)

$xml.rsop.ComputerResults.ExtensionData.Extension.SecurityOptions | ft -autosize

I wanted to get like the one in RSOP html (no need to output winning GPO) using powershell, is it possible?

Example for the RSOP HTML output:

Local Policies/Security Options
Accounts
Policy Setting Winning GPO
Accounts: Limit local account use of blank passwords to console logon only Enabled AAA
Audit
Policy Setting Winning GPO
Audit: Audit the access of global system objects Disabled AAA
Audit: Audit the use of Backup and Restore privilege Disabled AAA
Audit: Shut down system immediately if unable to log security audits Disabled AAA
Devices
Policy Setting Winning GPO
Devices: Allow undock without having to log on Disabled AAA
Devices: Allowed to format and eject removable media Administrators AAA
Devices: Prevent users from installing printer drivers Enabled AAA
Devices: Restrict CD-ROM access to locally logged-on user only Enabled AAA
Devices: Restrict floppy access to locally logged-on user only Enabled AAA
Domain Controller
Policy Setting Winning GPO
Domain controller: Allow server operators to schedule tasks Disabled AAA
Domain controller: LDAP server signing requirements None AAA
Domain controller: Refuse machine account password changes Disabled
Anyone can help in anyway possible. Thanks in advance.

Hi There,

First time poster. XML would be the cleaner way to go, since GPResult is doing all the heavy lifting here. I took a quick look at the XML in my lab environment and I can see that it’s fairly straight forward. I’m guessing it would be around the GPO collection in Rsop.<User or Computer Result>.GPO

# Run GP Result
gpresult /x C:\Temp\xmlreport.xml

# Load XML
[XML] $xmlobj = Get-Content -LiteralPath C:\Temp\xmlreport.xml

PS C:\Users\Administrator> $xmlobj.Rsop.ComputerResults.GPO



Name             : Default Domain Policy
Path             : Path
VersionDirectory : 3
VersionSysvol    : 3
Enabled          : true
IsValid          : true
FilterAllowed    : true
AccessDenied     : false
Link             : Link
SecurityFilter   : NT AUTHORITY\Authenticated Users
ExtensionName    : {{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}, Security, Registry}

Name             : Local Group Policy
Path             : Path
VersionDirectory : 0
VersionSysvol    : 0
Enabled          : true
IsValid          : true
FilterAllowed    : true
AccessDenied     : false
Link             : Link

Name             : Default Domain Controllers Policy
Path             : Path
VersionDirectory : 1
VersionSysvol    : 1
Enabled          : true
IsValid          : true
FilterAllowed    : true
AccessDenied     : false
Link             : Link
SecurityFilter   : NT AUTHORITY\Authenticated Users
ExtensionName    : Security

It would be a matter of having a dig around in the XML to find what you need, but from spending a few minutes in my lab environment I would go down the XML path.

 

[quote quote=144383]Hi There,

First time poster. XML would be the cleaner way to go, since GPResult is doing all the heavy lifting here. I took a quick look at the XML in my lab environment and I can see that it’s fairly straight forward. I’m guessing it would be around the GPO collection in Rsop…GPO

PowerShell
45 lines
<textarea class="ace_text-input" style="opacity: 0; height: 18px; width: 6.59781px; left: 51px; top: 0px;" spellcheck="false" wrap="off"></textarea>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# Run GP Result
gpresult /x C:\Temp\xmlreport.xml
# Load XML
[XML] $xmlobj = Get-Content -LiteralPath C:\Temp\xmlreport.xml
PS C:\Users\Administrator> $xmlobj.Rsop.ComputerResults.GPO
Name : Default Domain Policy
Path : Path
VersionDirectory : 3
VersionSysvol : 3
Enabled : true
IsValid : true
FilterAllowed : true
AccessDenied : false
Link : Link
SecurityFilter : NT AUTHORITY\Authenticated Users
ExtensionName : {{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}, Security, Registry}
Name : Local Group Policy
Path : Path
VersionDirectory : 0
VersionSysvol : 0
Enabled : true
IsValid : true
FilterAllowed : true
AccessDenied : false
Link : Link
Name : Default Domain Controllers Policy
Path : Path
VersionDirectory : 1
VersionSysvol : 1
Enabled : true
IsValid : true
FilterAllowed : true
AccessDenied : false
Link : Link
SecurityFilter : NT AUTHORITY\Authenticated Users
ExtensionName : Security
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
It would be a matter of having a dig around in the XML to find what you need, but from spending a few minutes in my lab environment I would go down the XML path.

[/quote]

Thanks for reply your first post here regarding my question.

 

I can 100% confirm that the code is as below:

 

$xml.rsop.ComputerResults.ExtensionData.Extension.SecurityOptions | ft -autosize

The only issue is the output is consist of the registry key and not the description of the policy setting and the value.

<q5:SecurityOptions
<GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"
<Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{AAAAAAAAAAAAA}</Identifier
<Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">arsenal.abc.net</Domain
</GPO
<Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence>
<q5:KeyNameMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD</q5:KeyName>
<q5:SettingNumber>0</q5:SettingNumber>
|<q5:Display
    |<q5:Name>Interactive logon: Do not require CTRL+ALT+DEL</q5:Name>
    <q5:Units /
    <q5:DisplayBoolean>false</q5:DisplayBoolean>
    </q5:Display

I am trying the to output <q5:Name> but unsuccessful.

 

Thanks for your first reply to my question.

I managed to figure out the answer myself.

$xml.Rsop.ComputerResults.ExtensionData.Extension.SecurityOptions |Select “keyname” , “SettingNumber”
$xml.Rsop.ComputerResults.ExtensionData.Extension.SecurityOptions.Display

I managed to figure out the answer.

Now How do I merge both output by joining them both column side by side using powershell