Well, it is a file, so if you are after only specific info, then you have to parse it.
Parsing XML an be a challenge…
‘blogs.technet.com/b/heyscriptingguy/archive/2012/03/26/use-powershell-to-parse-an-xml-file-and-sort-the-data.aspx’
…but as long as you know what tagged area you want, it’s fairly straight forward. Well, depending on how that XML file is defined. For example the simple example one…
$doc = [xml]@’
'@
$doc.xml.Section.BEName
Or more dynamically
[xml]$XmlContent = Get-Content variable:\doc
$XmlContent.xml.Section.BEName
I have no GPO for Outlook configs, so I cannot say what that would look like.
Yet, using a general output from a workstation…
Using the cmdlets
$GpoReport = $env:COMPUTERNAME + ‘_’ + ‘GpoAll.xml’
Get-GPOReport -All -ReportType XML -Path “c:\Temp$GpoReport”
[xml]$GpoContent = Get-Content -Path c:\temp$GpoReport
So, now that we have the content in a variable, we can start navigating the report
Root element / node
$GpoContent
xml report
— ------ version=“1.0” encoding=“utf-16” report
child element / node… and so on…
$GpoContent.report
GPO
{Default Domain Policy, Default Domain Controllers Policy}
$GpoContent.report.GPO
xsd : XML Schema
xsi : http://www.w3.org/2001/XMLSchema-instance
xmlns : http://www.microsoft.com/GroupPolicy/Settings
Identifier : Identifier
Name : Default Domain Policy
IncludeComments : true
CreatedTime : 2017-04-01T00:02:13
ModifiedTime : 2017-04-01T00:07:20
ReadTime : 2017-11-19T07:58:53.2761454Z
SecurityDescriptor : SecurityDescriptor
FilterDataAvailable : true
Computer : Computer
User : User
LinksTo : LinksTo
xsd : XML Schema
xsi : http://www.w3.org/2001/XMLSchema-instance
xmlns : http://www.microsoft.com/GroupPolicy/Settings
Identifier : Identifier
Name : Default Domain Controllers Policy
IncludeComments : true
CreatedTime : 2017-04-01T00:02:13
ModifiedTime : 2017-10-30T03:49:12
ReadTime : 2017-11-19T07:58:56.8300864Z
SecurityDescriptor : SecurityDescriptor
FilterDataAvailable : true
Computer : Computer
User : User
LinksTo : LinksTo
$GpoContent.report.GPO | Select User
$GpoContent.report.GPO | Select User -First 1
User
User
($GpoContent.report.GPO)[0]
xsd : XML Schema
xsi : http://www.w3.org/2001/XMLSchema-instance
xmlns : http://www.microsoft.com/GroupPolicy/Settings
Identifier : Identifier
Name : Default Domain Policy
IncludeComments : true
CreatedTime : 2017-04-01T00:02:13
ModifiedTime : 2017-04-01T00:07:20
ReadTime : 2017-11-19T07:58:53.2761454Z
SecurityDescriptor : SecurityDescriptor
FilterDataAvailable : true
Computer : Computer
User : User
LinksTo : LinksTo
($GpoContent.report.GPO)[0].Computer
<#
VersionDirectory VersionSysvol Enabled ExtensionData
3 3 true {Security, Public Key, Registry}
($GpoContent.report.GPO)[0].Computer.ExtensionData
Extension Security
Extension Public Key
Extension Registry
($GpoContent.report.GPO)[0].Computer.ExtensionData.Extension
<#
q1 type Account SecurityOptions
http://www.microsoft.com/GroupPolicy/… q1:SecuritySettings {ClearTextPassword, LockoutBadCount, … {q1:SecurityOptions, q1:SecurityOptio…
q2:PublicKeySettings
q3:RegistrySettings
($GpoContent.report.GPO)[0].Computer.ExtensionData.Extension.Account | ft -AutoSize
Name SettingBoolean Type
ClearTextPassword false Password
LockoutBadCount Account Lockout
MaximumPasswordAge Password
MinimumPasswordAge Password
MinimumPasswordLength Password
PasswordComplexity true Password
PasswordHistorySize Password
MaxClockSkew Kerberos
MaxRenewAge Kerberos
MaxServiceAge Kerberos
MaxTicketAge Kerberos
TicketValidateClient true Kerberos
You can also, just search the XML doc directly for string matches.
Select-String -Path "c:\temp$GpoReport" -Pattern Password