No announcement yet.

Batch: List GPOs and GPO owners

  • Filter
  • Time
  • Show
Clear All
new posts

  • Batch: List GPOs and GPO owners

    I was doing some ACL cleanup in my environment and wanted to make sure the GPO owners are set according to our design docs (we assign a group and not individual account as object owner - available in W2K3's GUI), so I came up with this short batch to do the trick:

    @echo off
    Rem The script assumes you have dsquery and acldiag tools installed on the machine you are running the script from
    set AD_NC="cn=policies,cn=system,dc=company,dc=com"
    set GPO_FILTER="objectClass=groupPolicyContainer"
    set TEMP_FILE="tmp_gpolist.txt"
    set TEMP_FILE2="tmp_gpolist_paths.txt"
    del /f %TEMP_FILE% %TEMP_FILE2%
    if exist %TEMP_FILE% goto CANT_DELETE_FILE
    if exist %TEMP_FILE2% goto CANT_DELETE_FILE
    dsquery * %AD_NC% -l -filter %GPO_FILTER% > %TEMP_FILE%
    FOR /F "usebackq" %%i IN (%TEMP_FILE%) DO (
     acldiag %%i | findstr "Owner"
     dsquery * %%i -scope base -attr gpcFileSysPath | findstr /i "\\" > %TEMP_FILE2% 
     FOR /F "usebackq" %%j IN (%TEMP_FILE2%) do type %%j\GPT.ini | findstr /I displayname
     echo ========================================================================
    goto END
    echo Failed to delete old temporary file. Exiting...
    goto END
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"