I managed to output part of garbage output of RSOP Policies /Security Options only using WMI
Get-WMIObject RSOP_SecuritySettings -namespace root\rsop\computer | where {$_.precedence -eq 1 } |Ft
or using XML
$xmlfile = "C:\share\reference.xml"
$xmldoc = New-Object System.XML.XMLDocument
$xmldoc.Load($xmlfile)
$xml.rsop.ComputerResults.ExtensionData.Extension.SecurityOptions | ft -autosize
I wanted to get like the one in RSOP html (no need to output winning GPO) using powershell, is it possible?
Example for the RSOP HTML output:
Local Policies/Security Options
Accounts
Policy |
Setting |
Winning GPO |
Accounts: Limit local account use of blank passwords to console logon only |
Enabled |
AAA |
Audit
Policy |
Setting |
Winning GPO |
Audit: Audit the access of global system objects |
Disabled |
AAA |
Audit: Audit the use of Backup and Restore privilege |
Disabled |
AAA |
Audit: Shut down system immediately if unable to log security audits |
Disabled |
AAA |
Devices
Policy |
Setting |
Winning GPO |
Devices: Allow undock without having to log on |
Disabled |
AAA |
Devices: Allowed to format and eject removable media |
Administrators |
AAA |
Devices: Prevent users from installing printer drivers |
Enabled |
AAA |
Devices: Restrict CD-ROM access to locally logged-on user only |
Enabled |
AAA |
Devices: Restrict floppy access to locally logged-on user only |
Enabled |
AAA |
Domain Controller
Policy |
Setting |
Winning GPO |
Domain controller: Allow server operators to schedule tasks |
Disabled |
AAA |
Domain controller: LDAP server signing requirements |
None |
AAA |
Domain controller: Refuse machine account password changes |
Disabled |
Anyone can help in anyway possible. Thanks in advance.
Hi There,
First time poster. XML would be the cleaner way to go, since GPResult is doing all the heavy lifting here. I took a quick look at the XML in my lab environment and I can see that it’s fairly straight forward. I’m guessing it would be around the GPO collection in Rsop.<User or Computer Result>.GPO
# Run GP Result
gpresult /x C:\Temp\xmlreport.xml
# Load XML
[XML] $xmlobj = Get-Content -LiteralPath C:\Temp\xmlreport.xml
PS C:\Users\Administrator> $xmlobj.Rsop.ComputerResults.GPO
Name : Default Domain Policy
Path : Path
VersionDirectory : 3
VersionSysvol : 3
Enabled : true
IsValid : true
FilterAllowed : true
AccessDenied : false
Link : Link
SecurityFilter : NT AUTHORITY\Authenticated Users
ExtensionName : {{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}, Security, Registry}
Name : Local Group Policy
Path : Path
VersionDirectory : 0
VersionSysvol : 0
Enabled : true
IsValid : true
FilterAllowed : true
AccessDenied : false
Link : Link
Name : Default Domain Controllers Policy
Path : Path
VersionDirectory : 1
VersionSysvol : 1
Enabled : true
IsValid : true
FilterAllowed : true
AccessDenied : false
Link : Link
SecurityFilter : NT AUTHORITY\Authenticated Users
ExtensionName : Security
It would be a matter of having a dig around in the XML to find what you need, but from spending a few minutes in my lab environment I would go down the XML path.
[quote quote=144383]Hi There,
First time poster. XML would be the cleaner way to go, since GPResult is doing all the heavy lifting here. I took a quick look at the XML in my lab environment and I can see that it’s fairly straight forward. I’m guessing it would be around the GPO collection in Rsop…GPO
<textarea class="ace_text-input" style="opacity: 0; height: 18px; width: 6.59781px; left: 51px; top: 0px;" spellcheck="false" wrap="off"></textarea>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# Run GP Result
gpresult /x C:\Temp\xmlreport.xml
# Load XML
[XML] $xmlobj = Get-Content -LiteralPath C:\Temp\xmlreport.xml
PS C:\Users\Administrator> $xmlobj.Rsop.ComputerResults.GPO
Name : Default Domain Policy
Path : Path
VersionDirectory : 3
VersionSysvol : 3
Enabled : true
IsValid : true
FilterAllowed : true
AccessDenied : false
Link : Link
SecurityFilter : NT AUTHORITY\Authenticated Users
ExtensionName : {{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}, Security, Registry}
Name : Local Group Policy
Path : Path
VersionDirectory : 0
VersionSysvol : 0
Enabled : true
IsValid : true
FilterAllowed : true
AccessDenied : false
Link : Link
Name : Default Domain Controllers Policy
Path : Path
VersionDirectory : 1
VersionSysvol : 1
Enabled : true
IsValid : true
FilterAllowed : true
AccessDenied : false
Link : Link
SecurityFilter : NT AUTHORITY\Authenticated Users
ExtensionName : Security
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
It would be a matter of having a dig around in the XML to find what you need, but from spending a few minutes in my lab environment I would go down the XML path.
[/quote]
Thanks for reply your first post here regarding my question.
I can 100% confirm that the code is as below:
$xml.rsop.ComputerResults.ExtensionData.Extension.SecurityOptions | ft -autosize
The only issue is the output is consist of the registry key and not the description of the policy setting and the value.
<q5:SecurityOptions
<GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base"
<Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{AAAAAAAAAAAAA}</Identifier
<Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">arsenal.abc.net</Domain
</GPO
<Precedence xmlns="http://www.microsoft.com/GroupPolicy/Settings/Base">1</Precedence>
<q5:KeyNameMACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD</q5:KeyName>
<q5:SettingNumber>0</q5:SettingNumber>
|<q5:Display
|<q5:Name>Interactive logon: Do not require CTRL+ALT+DEL</q5:Name>
<q5:Units /
<q5:DisplayBoolean>false</q5:DisplayBoolean>
</q5:Display
I am trying the to output <q5:Name> but unsuccessful.
Thanks for your first reply to my question.
I managed to figure out the answer myself.
$xml.Rsop.ComputerResults.ExtensionData.Extension.SecurityOptions |Select “keyname” , “SettingNumber”
$xml.Rsop.ComputerResults.ExtensionData.Extension.SecurityOptions.Display
I managed to figure out the answer.
Now How do I merge both output by joining them both column side by side using powershell