PoshCode Archive  Artifact [61c6f2a569]

Artifact 61c6f2a5698293ed376eb0f8e6dbdb4ad3f299b2ab69c42a488c4685cf635dae:

  • File GPO-Repair.ps1 — part of check-in [6fa3ab9812] at 2018-06-10 13:59:23 on branch trunk — I wanted a quick function that would tell me what policies were missing a specific group/account, and have the ability to resolve the problem. This function will display your query by default, and will apply the settings using the -APPLY parameter. Enjoy! (user: JayneticMuffin size: 2937)

# encoding: ascii
# api: powershell
# title: GPO Repair
# description: I wanted a quick function that would tell me what policies were missing a specific group/account, and have the ability to resolve the problem. This function will display your query by default, and will apply the settings using the -APPLY parameter.  Enjoy!
# version: 0.1
# type: function
# author: JayneticMuffin
# license: CC0
# function: Fix-GPOPermission
# x-poshcode-id: 5692
# x-archived: 2015-06-10T02:27:38
# x-published: 2015-01-15T13:26:00
#
#
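Function Fix-GPOPermission {
<#
	.SYNOPSIS
		Reports GPOs whose delegation is missing an account and can grant that account GpoRead. Does NOT give GPOAPPLY rights.
	.DESCRIPTION
		Enumerates every GPO in the current domain (Get-ADDomain, Get-GPO -All) and queries each one
		with Get-GPPermission for the given account. A GPO for which that query fails is written to
		the pipeline as an object with DisplayName and ID properties. Nothing is modified by default.

		With -Apply, Set-GPPermission grants the account the GpoRead permission level on each
		reported GPO. This edits the delegation of every flagged GPO in the domain, so run the query
		first, review the list, and use -WhatIf or -Confirm when applying.

		Any error raised by Get-GPPermission marks the GPO as missing the account, not only a
		"permission not found" result. Run with -Verbose to see the error text behind each flag.
	.PARAMETER TargetName
		Account that should be given access (ie. "Authenticated Users")
	.PARAMETER TargetType
		Valid names are "Computer", "Group", "User"
	.PARAMETER Apply
		Applies the settings (grants GpoRead to TargetName on every reported GPO)
	.PARAMETER ShowAll
		Displays all the GPOs and prepends "[Correct] - " to the names of those that the change will not apply to.
	.EXAMPLE
		PS C:\> Fix-GPOPermission -TargetName 'Authenticated Users' -TargetType 'Group'
		Shows the group policies that do not have the queried account permissions set
	.EXAMPLE
		PS C:\> Fix-GPOPermission -TargetName 'Authenticated Users' -TargetType 'Group' -Apply
		Shows the group policies that do not have the queried account permissions set, and applies the settings.
		NOTE: If more rights are already set on a policy than those being applied, there is no change to the policy.
	.EXAMPLE
		PS C:\> Fix-GPOPermission -TargetName 'Authenticated Users' -TargetType 'Group' -Apply -WhatIf
		Lists the affected policies and shows which permission changes would be made, without making them.
	.EXAMPLE
		PS C:\> Fix-GPOPermission -TargetName 'Authenticated Users' -TargetType 'Group' -ShowAll
#>
	# SupportsShouldProcess adds -WhatIf / -Confirm so a domain-wide ACL change can be previewed.
	[CmdletBinding(SupportsShouldProcess=$true)]
	param(
		[Parameter(Mandatory=$true)][string]$TargetName,
		[Parameter(Mandatory=$true)][ValidateSet("Computer","Group","User")][string]$TargetType,
		[Switch]$Apply,
		[Switch]$ShowAll
	)
	BEGIN {
		$Domain = (Get-ADDomain).DNSRoot -as [string]
		# @() keeps .Count meaningful when the domain returns zero or one GPO.
		$gpos = @(Get-GPO -All -Domain $Domain | Sort-Object DisplayName)
		Write-Verbose "  Found $($gpos.Count) total GPOs"
		$counter = 0
	}
	PROCESS {
		ForEach ($gpo in $gpos) {
			Try {
				# -ErrorAction Stop turns a failed lookup into a terminating error for the Catch below.
				$null = Get-GPPermission -Guid $gpo.Id -TargetName $TargetName -TargetType $TargetType -DomainName $Domain -ErrorAction 'Stop'
				If ($ShowAll) {
					$props = @{
						'DisplayName'	= "[Correct] - $($gpo.DisplayName)";
						'ID'		= $gpo.Id
					}
					Write-Output (New-Object -TypeName PSObject -Property $props)
				}
			}
			Catch [System.Exception] {
				# NOTE(review): every failure lands here, including access-denied or connectivity
				# errors, so surface the reason instead of silently treating it as "missing".
				Write-Verbose "  $($gpo.DisplayName): $($_.Exception.Message)"
				$counter++
				$props = @{
					'DisplayName'	= $gpo.DisplayName;
					'ID'		= $gpo.Id
				}
				Write-Output (New-Object -TypeName PSObject -Property $props)
				If ($Apply) {
					# Grant exactly the account and type that were queried, in the same domain.
					# (The original passed an undefined $user and a hard-coded 'Group' type.)
					If ($PSCmdlet.ShouldProcess($gpo.DisplayName, "Grant GpoRead to $TargetType '$TargetName'")) {
						Set-GPPermission -Guid $gpo.Id -TargetName $TargetName -TargetType $TargetType -PermissionLevel GpoRead -DomainName $Domain
					}
				}
			}
		}
		If ($counter -gt 0) {
			Write-Warning "  Found $counter GPOs with '$TargetName' rights missing"
		}
	}
	END {	}
}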