Powershell To Get Report for all Group Policy Objects

Group policy Object is actively used for security prospective in the organizations. And to keep records or reports for all these GPO’s is very important task for IT Administrator. So int this article we are going to get report for all group policy objects with the help of Power shell.

Scenario:

We are having 2000 Group policy objects in our Domain i.e. contoso.com which is in Windows Server 2008 R2 and our company has decided to upgrade to Windows Server 2012 R2. But, we got to think of reducing some of the administrative tasks and load on GPO’s. So management has decided to figure out that, how many GPO’s we have in our organization and how to reduce those numbers. As I said earlier we have 2000 group policy, we have to reduce them to by at least 20 %.

Watch Video On YouTube

To achieve this task management has ask IT administrator of contoso.com to get report for all the GPO’s and their settings. Compare GPO’s for duplicate group policy settings and how we can make those settings into another GPO’s.

So below are some of the questions can be raise at IT administrator mind and task can be achieved with Power shell

Questions:

How to get HTML or XML Report for single Group Policy Object?

We can use group policy management console to get HTML report for single GPO. To achieve this task you can go to Group Policy Objects Container, right click on desired GPO, Save Report. And select location and save the report in HTML format.

How to Get a Report on All GPO Settings- 1

get report for all group policy objects

How to get HTML or XML report for Multiple Group Policy Objects?

Group policy management console would not be helpful to get report for multiple GPO’s and hence Power shell would be helpful and easy to perform.

Power shell to get HTML or XML report for single windows GPO

Get-GPReport –Name “Disable_Shutdown_GPO” –ReportType HTML –Path C:\GPOReport\ Disable_Shutdown_GPO.html

group policy

Get report for all group policy objects in Domain

Get-GPOReport -All -Domain contoso.com -Server DC2-Contoso -ReportType HTML -Path C:\GPOReport\GPOReport_all.html

group policy management console

Get a Report with Power shell using GUID

There are cases when you could have duplicate name for 2 GPO’s and in that case unique parameter for group policy object is GUID. We can use GPO’s GUID to retrieve this report.

Get-GPOReport –GUID 2F5AF121-86F0-43F4-8C7C-ECD5643A5F6A –ReportType HTML –Path C:\GPOReport\GPO_Audit_Changes.html

group policy management

Conclusion:

We have to use Power Shell to get report for multiple GPO’s in HTML Or XML format. And above commands will be useful to achieve these tasks. Also Please be noted, getting report in HTML or XML for format for 2000 GPO’s could be time consuming and report would be in and around 20 MB or above. So please take precautions to run this into production environment which are having thounds of Group Policy Objects.