Announcement

Collapse
No announcement yet.

Possible to search an IP range and list applied GPOs?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Possible to search an IP range and list applied GPOs?

    Hi guys. I have been looking for the better part of a day now and I have yet to find some kind of utility that can give me a RSoP (or even better GPresult) on an IP range? I am having a slight problem with GPOs not being applied when they should... or at least when "I" think they should. =)

    It would be nice to be able to run a scan on a range and find out which machines are applying the GPOs and which are not. The reason that I ask is that we just implemented SUS, with a GPO to enable it. Then I fixed the computers that were in the wrong AD containers (stupid me) and after that I had at least 1 (that I know of) machine that would not pick up the GPO, until I disjoined the computer from the domain and rejoined it.

    So that is my question. Thanks in advance for any help!
    Two things:
    1) If I wrote something wrong please please please let me know. I want to know ESPECIALLY if I am wrong.
    2) I have a tendency to write things that are misconstrued as being agressive or not so pleasant. That is not my intent.

  • #2
    Re: Possible to search an IP range and list applied GPOs?

    If your using (W)SUS, you can use that to see which clients are getting updates, or awaiting updates. Either way, you will be able to see which clients have been in contact with the (W)SUS service, which would obviously mean that they have the correct GPO settings.

    You should then check any clients not listed, and run the 'gpupdate' command.

    Comment


    • #3
      Re: Possible to search an IP range and list applied GPOs?

      Originally posted by Draenok View Post
      Hi guys. I have been looking for the better part of a day now and I have yet to find some kind of utility that can give me a RSoP (or even better GPresult) on an IP range? I am having a slight problem with GPOs not being applied when they should... or at least when "I" think they should. =)

      It would be nice to be able to run a scan on a range and find out which machines are applying the GPOs and which are not. The reason that I ask is that we just implemented SUS, with a GPO to enable it. Then I fixed the computers that were in the wrong AD containers (stupid me) and after that I had at least 1 (that I know of) machine that would not pick up the GPO, until I disjoined the computer from the domain and rejoined it.

      So that is my question. Thanks in advance for any help!
      I don't know of any existing tools that can do what you ask, but i do know that it should be possible, WMI exposes an host of classes that you can use to acces RSOP data, and as WMI can connect to remote computers if would be possible to create an script that would be able to scan an ip range and retrieve RSOP data from the computers

      Code:
      strComputer = "." 
      Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\RSOP\Computer") 
      Set colItems = objWMIService.ExecQuery( _
          "SELECT * FROM RSOP_GPO",,48) 
      For Each objItem in colItems 
          Wscript.Echo "-----------------------------------"
          Wscript.Echo "RSOP for local computer GPO's"
          Wscript.Echo "-----------------------------------"
          Wscript.Echo "Name: " & objItem.Name & " | version: " & objItem.version
      Next
      
      Set objWMIService2 = GetObject("winmgmts:\\" & strComputer & "\root\RSOP\User")
      Set colItems2 = objWMIService.ExecQuery( _
          "SELECT * FROM RSOP_GPO",,48) 
      For Each objItem2 in colItems2 
          Wscript.Echo "-----------------------------------"
          Wscript.Echo "RSOP for local user GPO's"
          Wscript.Echo "-----------------------------------"
          Wscript.Echo "Name: " & objItem2.Name & " | version: " & objItem2.version
      Next
      This little script will show the applied GPO's on the computer & local user it's run's on, you could drill deeper to get more info but this is just an example.

      I don;t have an domain right now, so i can't really test remote WMI script atm
      Last edited by RonaldM; 17th June 2008, 07:54. Reason: Added example WMI script

      Comment


      • #4
        Re: Possible to search an IP range and list applied GPOs?

        "Group Policy Modeling" feature is known as "Resultant Set of Policy (RSoP)"



        There are some different settings that you can adjust to fit your needs.
        Last edited by John2008; 17th June 2008, 08:13.

        Comment


        • #5
          Re: Possible to search an IP range and list applied GPOs?

          The subject has got me very interestet.

          If grabbed an little util called NetPing from the coding4fun blog

          http://blogs.msdn.com/coding4fun/arc...2/2241600.aspx

          this utility can easily be extend with plug ins, so i wrote an small dll that when you right click an computer the option to execute an Gpresult on the computer.

          maybe this is enough for youre purposes.

          I have attacht the utility with the extra DLL, just unzip to an directory and run NetPing.exe.

          This does need .Net 2.0 or higher AFAIK.

          I will try to automate the process even more, but i think that automaticly execute gpresult on overy found computer would make it very slow (or even crash if it finds like 200 active computers)

          You should run this util under an account that has the right to run Gpresult on the target computers as i have not (yet) included an credential option in this addin.
          Attached Files

          Comment


          • #6
            Re: Possible to search an IP range and list applied GPOs?

            Hrm, that is interesting. Looking at this now....

            Thanks for the help!
            Two things:
            1) If I wrote something wrong please please please let me know. I want to know ESPECIALLY if I am wrong.
            2) I have a tendency to write things that are misconstrued as being agressive or not so pleasant. That is not my intent.

            Comment


            • #7
              Re: Possible to search an IP range and list applied GPOs?

              psexec

              gpresult /v

              Output to a textfile on a share somewhere by the computername.txt
              VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

              Comment

              Working...
              X