| Author | Messages | |
pierrek7
Posts:0
 | | 02/26/2010 2:21 PM |
| Hi,
This is my first question, I hope someone will be able to help me.....
Is there a way to find which computers have been treated by a specific GPO, from the server ? I know we can drill down in the reg keys on the client to see which GPOs have been applied, but what I'd like to know is, from the server, get a list of the computers which have run a specific GPO, thus I could point the ones that didn't get the GPO (ex.: because the client hasn't rebooted in a long time). It happens I have a security GPO I want to apply, but I'd like to make sure it's applied everywhere, on each host in my domain.
Thanks for any help on this.
------------------------------
Pierre Cossette
Recherche et développement pour la Défense Canada - Valcartier |
Defence Research and Development Canada - Valcartier
2459 Boul. Pie XI Nord | 2459, Pie XI Blvd North
Québec, QC, Canada G3J 1X5
Pierre.Cossette@drdc-rddc.gc.ca <mailto ierre.Cossette@drdc-rddc.gc.ca>
Gouvernement du Canada | Government of Canada
www.valcartier.drdc-rddc.gc.ca <http://www.valcartier.drdc-rddc.gc.ca>
| | | |
| jeromelcruz
Posts:88
| | 02/26/2010 4:36 PM |
| Good Morning Pierre,
Centralized reporting of the deployment of Group Policy data isn't a reality yet without expensive third-party tools. However, you have a couple of low end options:
1) if you have Administrative access to the devices over the network, you 'could' build a script to capture the GPResult.exe data from the remote systems and run that script from your central server. The data will not be easily summarized unless you build some sort of parser. Essentially, if this is a one-time use exercise and if there are not too many systems (say 30 or less PCs), then this might be your best option.
GPRESULT [/S system [/U username [/P [password]]]] [/SCOPE scope]
[/USER targetusername] [/R | /V | /Z] [(/X | /H) <filename> [/F]]
Description:
This command line tool displays the Resultant Set of Policy (RSoP)
information for a target user and computer.
Parameter List:
/S system Specifies the remote system to connect to.
/U [domain\]user Specifies the user context under which the
command should execute.
Can not be used with /X, /H.
/P [password] Specifies the password for the given user
context. Prompts for input if omitted.
Can not be used with /X, /H.
/SCOPE scope Specifies whether the user or the
computer settings needs to be displayed.
Valid values: "USER", "COMPUTER".
/USER [domain\]user Specifies the user name for which the
RSOP data is to be displayed.
/X <filename> Saves the report in XML format at the
location and with the file name specified
by the <filename> parameter. (valid in Windows
Vista SP1 and above and Windows Server 2008 and above)
/H <filename> Saves the report in HTML format at the
location and with the file name specified by
the <filename> parameter. (valid in Windows
Vista SP1 and above and Windows Server 2008 and above)
/F Forces gpresult to overwrite the file name
specified in the /X or /H command.
/R Displays RSoP summary data.
/V Specifies that verbose information should
be displayed. Verbose information provides
additional detailed settings that have
been applied with a precedence of 1.
/Z Specifies that the super-verbose
information should be displayed. Super-
verbose information provides additional
detailed settings that have been applied
with a precedence of 1 and higher. This
allows you to see if a setting was set in
multiple places. See the Group Policy
online help topic for more information.
/? Displays this help message.
Examples:
GPRESULT /R
GPRESULT /H GPReport.html
GPRESULT /USER targetusername /V
GPRESULT /S system /USER targetusername /SCOPE COMPUTER /Z
GPRESULT /S system /U username /P password /SCOPE USER /V
2) Another possible option is to check out Microsoft's Group Policy Inventory tool: http://www.microsoft.com/downloads/details.aspx?familyid=1d24563d-cac9-4017-af14-8dd686a96540&displaylang=en
[Note Due to the size of my organization, this is not something I've used, but I have heard of smaller organizations having some good experience with it.]
Brief Description Group Policy Inventory (GPInventory.exe) allows administrators to collect Group Policy and other information from any number of computers in their network.
Group Policy Inventory (GPInventory.exe) allows administrators to collect Group Policy and other information from any number of computers in their network by running multiple Resultant Set of User Policy (RSOP) or Windows Management Instrumentation (WMI) queries. The query results can be exported to either an XML or a text file, and can be analyzed in Excel.
Typical usage scenarios
RSOP Queries:
· Do a software inventory for users and computers in a domain or OU
· See which applications are installed on computers in the domain
· Track the rollout of new GPOs on a domain
· Find computers that have not downloaded and applied new GPOs
WMI Queries:
· Do a complete hardware inventory (processor, memory, hard disk space, etc) for all computers in the domain
· Scan all computers to see if a particular hotfix is applied
· See the amount of disk space that is available on computers
· Test a WMI filter before implementing it in the domain
Jerry Cruz | Group Policies Product Manager | Windows Server and Infrastructure Architecture | Boeing IT
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Cossette, Pierre
Sent: Friday, February 26, 2010 6:20 AM
To: gptalk@lists.gpoguy.com
Subject: [gptalk] List of computers with GPO applied
Hi,
This is my first question, I hope someone will be able to help me.....
Is there a way to find which computers have been treated by a specific GPO, from the server ? I know we can drill down in the reg keys on the client to see which GPOs have been applied, but what I'd like to know is, from the server, get a list of the computers which have run a specific GPO, thus I could point the ones that didn't get the GPO (ex.: because the client hasn't rebooted in a long time). It happens I have a security GPO I want to apply, but I'd like to make sure it's applied everywhere, on each host in my domain.
Thanks for any help on this.
------------------------------
Pierre Cossette
Recherche et développement pour la Défense Canada - Valcartier |
Defence Research and Development Canada - Valcartier
2459 Boul. Pie XI Nord | 2459, Pie XI Blvd North
Québec, QC, Canada G3J 1X5
Pierre.Cossette@drdc-rddc.gc.ca<mailtoierre.Cossette@drdc-rddc.gc.ca>
Gouvernement du Canada | Government of Canada
www.valcartier.drdc-rddc.gc.ca<http://www.valcartier.drdc-rddc.gc.ca>
| | | |
| dmarelia
Posts:233
| | 02/26/2010 4:36 PM |
| Pierre-
If you are comfortable with Powershell, I'll add my free GP Health Results Powershell cmdlet to Jerry's list. Check it out at www.sdmsoftware.com/freeware<http://www.sdmsoftware.com/freeware>. You can use it to remotely gather GP processing status, including lists of GPOs that have applied (and CSE status as well) centrally to XML or Powershell objects.
Darren
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Cruz, Jerome L
Sent: Friday, February 26, 2010 8:33 AM
To: gptalk@lists.gpoguy.com
Subject: RE: [gptalk] List of computers with GPO applied
Good Morning Pierre,
Centralized reporting of the deployment of Group Policy data isn't a reality yet without expensive third-party tools. However, you have a couple of low end options:
1) if you have Administrative access to the devices over the network, you 'could' build a script to capture the GPResult.exe data from the remote systems and run that script from your central server. The data will not be easily summarized unless you build some sort of parser. Essentially, if this is a one-time use exercise and if there are not too many systems (say 30 or less PCs), then this might be your best option.
GPRESULT [/S system [/U username [/P [password]]]] [/SCOPE scope]
[/USER targetusername] [/R | /V | /Z] [(/X | /H) <filename> [/F]]
Description:
This command line tool displays the Resultant Set of Policy (RSoP)
information for a target user and computer.
Parameter List:
/S system Specifies the remote system to connect to.
/U [domain\]user Specifies the user context under which the
command should execute.
Can not be used with /X, /H.
/P [password] Specifies the password for the given user
context. Prompts for input if omitted.
Can not be used with /X, /H.
/SCOPE scope Specifies whether the user or the
computer settings needs to be displayed.
Valid values: "USER", "COMPUTER".
/USER [domain\]user Specifies the user name for which the
RSOP data is to be displayed.
/X <filename> Saves the report in XML format at the
location and with the file name specified
by the <filename> parameter. (valid in Windows
Vista SP1 and above and Windows Server 2008 and above)
/H <filename> Saves the report in HTML format at the
location and with the file name specified by
the <filename> parameter. (valid in Windows
Vista SP1 and above and Windows Server 2008 and above)
/F Forces gpresult to overwrite the file name
specified in the /X or /H command.
/R Displays RSoP summary data.
/V Specifies that verbose information should
be displayed. Verbose information provides
additional detailed settings that have
been applied with a precedence of 1.
/Z Specifies that the super-verbose
information should be displayed. Super-
verbose information provides additional
detailed settings that have been applied
with a precedence of 1 and higher. This
allows you to see if a setting was set in
multiple places. See the Group Policy
online help topic for more information.
/? Displays this help message.
Examples:
GPRESULT /R
GPRESULT /H GPReport.html
GPRESULT /USER targetusername /V
GPRESULT /S system /USER targetusername /SCOPE COMPUTER /Z
GPRESULT /S system /U username /P password /SCOPE USER /V
2) Another possible option is to check out Microsoft's Group Policy Inventory tool: http://www.microsoft.com/downloads/details.aspx?familyid=1d24563d-cac9-4017-af14-8dd686a96540&displaylang=en
[Note Due to the size of my organization, this is not something I've used, but I have heard of smaller organizations having some good experience with it.]
Brief Description Group Policy Inventory (GPInventory.exe) allows administrators to collect Group Policy and other information from any number of computers in their network.
Group Policy Inventory (GPInventory.exe) allows administrators to collect Group Policy and other information from any number of computers in their network by running multiple Resultant Set of User Policy (RSOP) or Windows Management Instrumentation (WMI) queries. The query results can be exported to either an XML or a text file, and can be analyzed in Excel.
Typical usage scenarios
RSOP Queries:
· Do a software inventory for users and computers in a domain or OU
· See which applications are installed on computers in the domain
· Track the rollout of new GPOs on a domain
· Find computers that have not downloaded and applied new GPOs
WMI Queries:
· Do a complete hardware inventory (processor, memory, hard disk space, etc) for all computers in the domain
· Scan all computers to see if a particular hotfix is applied
· See the amount of disk space that is available on computers
· Test a WMI filter before implementing it in the domain
Jerry Cruz | Group Policies Product Manager | Windows Server and Infrastructure Architecture | Boeing IT
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Cossette, Pierre
Sent: Friday, February 26, 2010 6:20 AM
To: gptalk@lists.gpoguy.com
Subject: [gptalk] List of computers with GPO applied
Hi,
This is my first question, I hope someone will be able to help me.....
Is there a way to find which computers have been treated by a specific GPO, from the server ? I know we can drill down in the reg keys on the client to see which GPOs have been applied, but what I'd like to know is, from the server, get a list of the computers which have run a specific GPO, thus I could point the ones that didn't get the GPO (ex.: because the client hasn't rebooted in a long time). It happens I have a security GPO I want to apply, but I'd like to make sure it's applied everywhere, on each host in my domain.
Thanks for any help on this.
------------------------------
Pierre Cossette
Recherche et développement pour la Défense Canada - Valcartier |
Defence Research and Development Canada - Valcartier
2459 Boul. Pie XI Nord | 2459, Pie XI Blvd North
Québec, QC, Canada G3J 1X5
Pierre.Cossette@drdc-rddc.gc.ca<mailtoierre.Cossette@drdc-rddc.gc.ca>
Gouvernement du Canada | Government of Canada
www.valcartier.drdc-rddc.gc.ca<http://www.valcartier.drdc-rddc.gc.ca>
| | | |
|
|