Someone asked me today how to easily export a readable report of all GPOs applied to a system (they were performing a security audit and needed an easy to way to script this). Of course, I immediately thought of PowerShell! So, here’s how you can export a readable report of all GPOs applied to a system in question in PowerShell:
> Import-Module GroupPolicy > Get-GPOReport -All -ReportType Html -Path AllGPOsReport.htm
Of course, you can also use Get-GPOReport to generate a report for a specific GPO and/or export as XML, if you prefer.
Group Policy Cmdlet Prerequisites
To use the Windows PowerShell cmdlets for Group Policy, you must be running one of the following:
Windows Server 2008 R2 on a domain controller
–or–
Windows Server 2008 R2 on a member server that has the GPMC installed
–or–
Windows® 7 with Remote Server Administration Tools (RSAT) installed. (RSAT includes the GPMC and the Group Policy cmdlets)
http://technet.microsoft.com/en-us/library/ee461027.aspx
Russel,
Thanks for the heads up! Appreciate your input.
-Derek
GPRESULT /H GPReport.html
Thanks Jim – that’s a good non-PowerShell way to get a human readable GPO report as well (of course, all good things don’t come in a PowerShell package :)).
If you want the group policies exported to separate HTML files you can use the following command:
Get-GPO -all | % { Get-GPOReport -GUID $_.id -ReportType HTML -Path “[PATH]\($_.displayName).html” }
For example:
Get-GPO -all | % { Get-GPOReport -GUID $_.id -ReportType HTML -Path “C:\report\($_.displayName).html” }
small correction (variable expansion):
If you want the group policies exported to separate HTML files you can use the following command:
Get-GPO -all | % { Get-GPOReport -GUID $_.id -ReportType HTML -Path “[PATH]\$($_.displayName).html” }
For example:
Get-GPO -all | % { Get-GPOReport -GUID $_.id -ReportType HTML -Path “C:\report\$($_.displayName).html” }
anyway, thanks for this usefull tip
I think you are missing a $ sign after the second backslash in the path. Should be “C:\report\$($_.displayName).html”
In my environment this example is correct:
Get-GPO -all | % { Get-GPOReport -GUID $_.id -ReportType HTML -Path (‘C:\report\’+($_.displayName)+’.html’) }
The above example wouldn’t work for me… the following did
Get-GPO -all | % { Get-GPOReport -GUID $_.id -ReportType HTML -Path “C:\report\$($_.DisplayName).html” }