get-gpo Archives | Alkane Solutions

Use PowerShell to Search Group Policy for a Specific Setting

This simple example searches all group policy objects for a script called “alkane.ps1” – it could be part of a login script, startup script, scheduled task, file copy or otherwise!

$searchString = "alkane.ps1" Get-GPO -All | Where-Object { $_ | Get-GPOReport -ReportType xml | Select-String $searchString } | select DisplayName, ID

We can search for any string of text. But we will need a local installation of RSAT and an elevated account to run it!

This is a simple PowerShell script that enables you to find Group Policy Objects (GPO) modified in the last X days.

Unfortunately it doesn’t tell us who modified the GPO or what specific configuration was changed, but it’s a start!

This first script will simply print out the name, modification date and description of the relevant GPOs. Sometimes organisations use the description to make notes on changes to the GPO so it might assist your investigations:

$daysSinceModification = 1
Get-GPO -All | where-object { ([datetime]::today - ($_.ModificationTime)).Days -le $daysSinceModification } | foreach {  write-host "******************`r`nDisplay Name: " $_.DisplayName "`r`nModification Date: " $_.ModificationTime "`r`nDescription: " $_.Description "`r`n******************`r`n" }

This second script will retrieve the same GPOs but this time it will export the GPO to a html file for your perusal:

$daysSinceModification = 1
$exportPath = "C:\Path"
Get-GPO -All | where-object { ([datetime]::today - ($_.ModificationTime)).Days -le $daysSinceModification } | foreach {  Get-GPOReport -Name $_.DisplayName -ReportType HTML -Path "$exportPath\$($_.DisplayName).html" }