DumpGPOInfo.wsf (9505B)
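'////////////////////////////////////////////////////////////////////////////
'// Copyright (c) Microsoft Corporation.  All rights reserved
'//
'// Title:      DumpGPOInfo.wsf
'// Author:     mtreit@microsoft.com
'// Created:    10/13/2001
'// Purpose:    Lists info for a specific GPO
'// Revision:   Ported from JScript->VBScript by dtsaltas (October 20,2002)
'//
'////////////////////////////////////////////////////////////////////////////

'///////////////////////////////////////
'// Initialization
'///////////////////////////////////////
<job>

' Include necessary libraries
<script language="JScript" src="Lib_CommonGPMCFunctions.js"/>
<script language="VBScript">

' Helpers called below but not defined in this file (GetGPO, GetForestDNSName,
' GetDNSDomainForCurrentUser, ErrCode) are presumably provided by
' Lib_CommonGPMCFunctions.js, which is pulled in through a relative src above.
' NOTE(review): this script is typically run by an account with rights over
' Group Policy, so keep this file and the library in a directory that only
' administrators can modify.

' Create global objects for use by the rest of the script
Dim GPM       : Set GPM = CreateObject("GPMgmt.GPM")
Dim Constants : Set Constants = GPM.GetConstants()

' Define flags needed for querying SecurityDescriptor
Dim bOwner : bOwner = true
Dim bGroup : bGroup = false
Dim bDACL  : bDACL  = false
Dim bSACL  : bSACL  = false


' If you don't have write permissions on a GPO, querying for the SACL
' will fail. The following gives you the necessary flags to only query
' for the 'owner' part of the security descriptor, which is all we care
' about in most cases. 'Owner' can be read with read-only rights
' NOTE(review): on Windows, reading a SACL normally depends on the caller
' holding the security privilege (SeSecurityPrivilege) rather than on write
' access to the object - confirm the wording above against the GPMC docs.

Dim SecurityFlags
SecurityFlags = Constants.SecurityFlags(bOwner, bGroup, bDACL, bSACL)

'///////////////////////////////////////
'// Main script
'///////////////////////////////////////

' Handle command line arguments
Dim ArgumentList
Set ArgumentList = ProcessCommandLineArguments
Dim strDomainName : strDomainName = ArgumentList.Item("Domain")
Dim strGPOName    : strGPOName    = ArgumentList.Item("GPOName")

' Initialize the Domain object
Dim GPMDomain
Set GPMDomain = GPM.GetDomain(strDomainName, "", Constants.UseAnyDC)

' Get the current forest
Dim strForest : strForest = CStr(GetForestDNSName(strDomainName))

' Initialize the Sites Container Object
Dim GPMSitesContainer
Set GPMSitesContainer = GPM.GetSitesContainer(strForest, strDomainName, "", Constants.UseAnyDC)

' Print info about a specific GPO
PrintGPOInfo strGPOName, GPMDomain

'///////////////////////////////////////
'// Function Definitions
'///////////////////////////////////////

' Print info about a specific GPO
'
' strGPOName - GPO name or ID as given on the command line
' GPMDomain  - domain object to search in
'
' NOTE(review): On Error Resume Next stays in force for the whole function.
' PrintDetailedGPOInfo and PrintGPODetails install no handler of their own,
' so a run-time error raised there (for example while reading the security
' descriptor) returns control here without any message and the report for
' that GPO is cut short. Treat a report that stops early as incomplete,
' not as "no permissions / no links".
Function PrintGPOInfo(strGPOName, GPMDomain)
    On Error Resume Next

    ' Get the desired GPO - this will either return a single GPO, or
    ' a list if more than one GPO with the specified name exists
    Dim GPOList
    Set GPOList = GetGPO(strGPOName, GPMDomain)

    If GPOList Is Nothing Then
        WScript.Echo "Could not find GPO '" & strGPOName & "' in domain '" & GPMDomain.Domain & "'."
        Exit Function
    End If

    ' Reading .Count is how a list is told apart from a single GPO: when the
    ' read fails, the error is suppressed and iGPOCount keeps its initial 0.
    Dim iGPOCount : iGPOCount = 0
    iGPOCount = GPOList.Count

    If iGPOCount > 0 Then
        ' Multiple GPOs were found
        WScript.Echo "** " & GPOList.Count & " GPOs were found with name '" & strGPOName & "' **" & vbCrLf
        WScript.Echo "Dumping all instances."

        ' Declared locally so the loop variable does not become an implicit global
        Dim objGPO
        For Each objGPO in GPOList
            PrintDetailedGPOInfo objGPO
        Next

        Exit Function
    Else
        ' We have a single GPO, not a list, so just process it
        PrintDetailedGPOInfo GPOList
    End If

End Function


' Print detailed info about a GPO: creation and modification time, owner,
' whether the user and computer halves are enabled, and the four version
' numbers (DS and Sysvol, user and computer).
'
' GPMGPO - the GPO object to describe
Function PrintGPODetails(GPMGPO)

    Dim strCreated : strCreated = GPMGPO.CreationTime
    Dim strChanged : strChanged = GPMGPO.ModificationTime
    ' SecurityFlags (global) requests only the owner part of the descriptor
    Dim strOwner   : strOwner   = GPMGPO.GetSecurityDescriptor(SecurityFlags).Owner

    WScript.Echo vbCrLf & "-- Details --"
    WScript.Echo "Created:" & vbTab & strCreated
    WScript.Echo "Changed:" & vbTab & strChanged
    WScript.Echo "Owner:" & vbTab & vbTab & strOwner

    WScript.Echo vbCrLf
    WScript.Echo "User Enabled:" & vbTab & GPMGPO.IsUserEnabled
    WScript.Echo "Mach Enabled:" & vbTab & GPMGPO.IsComputerEnabled

    WScript.Echo vbCrLf
    WScript.Echo "-- Version Numbers --"
    '[todo] - variant types of the following not supported in VBScript
    WScript.Echo "User DS:" & vbTab & CLng(GPMGPO.UserDSVersionNumber)
    WScript.Echo "User Sysvol:" & vbTab & CLng(GPMGPO.UserSysvolVersionNumber)
    WScript.Echo "Mach DS:" & vbTab & CLng(GPMGPO.ComputerDSVersionNumber)
    WScript.Echo "Mach Sysvol:" & vbTab & CLng(GPMGPO.ComputerSysvolVersionNumber)

End Function

' Print the list of trustees with a particular set of permissions on a GPO
'
' GPMGPO         - the GPO whose security info is listed
' PermissionType - one of the Constants.PermGPO* values; only entries whose
'                  Permission equals this value are printed
Function PrintGPOPermissions(GPMGPO, PermissionType)

    ' Print out a header identifying the type of rights being listed
    Dim strHeader : strHeader = ""
    Select Case PermissionType

        Case Constants.PermGPOApply
            strHeader = vbCrLf & "-- Who this GPO applies to --"

        Case Constants.PermGPOEdit
            strHeader = vbCrLf & "-- Who can edit this GPO --"

        Case Constants.PermGPOEditSecurityAndDelete
            strHeader = vbCrLf & "-- Who can edit settings, modify security and delete this GPO --"

        Case Constants.PermGPORead
            strHeader = vbCrLf & "-- Who only has Read access --"

        Case Constants.PermGPOCustom
            strHeader = vbCrLf & "-- Who has custom permissions --"

    End Select

    WScript.Echo strHeader

    ' Get the list of security settings on this GPO
    Dim GPMSecurityInfo
    Set GPMSecurityInfo = GPMGPO.GetSecurityInfo()

    ' Print out the groups who have the specified permission

    Dim GPOPermission
    Dim strTrusteeName

    For Each GPOPermission in GPMSecurityInfo

        strTrusteeName = ""
        If GPOPermission.Permission = PermissionType Then
            ' If the trustee name cannot be read, print the SID instead.
            ' A bare SID in the output is worth a second look when auditing:
            ' it often means the account was deleted or lives in a domain
            ' that could not be reached for name resolution.
            On Error Resume Next
            strTrusteeName = GPOPermission.Trustee.TrusteeName
            If Err.Number <> 0 Then
                strTrusteeName = GPOPermission.Trustee.TrusteeSid
            End If
            WScript.Echo strTrusteeName
        End If
    Next
End Function

' Print all places a given GPO is linked
'
' GPMGPO - the GPO to look up. Uses the globals GPMDomain and
'          GPMSitesContainer for the domain/OU and site searches.
' Quits the script with exit code -1 if either search fails.
Function PrintGPOLinks(GPMGPO)

    ' Search for all SOM links for this GPO
    Dim GPMSearchCriteria
    Set GPMSearchCriteria = GPM.CreateSearchCriteria()
    GPMSearchCriteria.Add Constants.SearchPropertySOMLinks, Constants.SearchOpContains, GPMGPO

    WScript.Echo vbCrLf
    WScript.Echo "-- Where this GPO is linked (Sites,Domain,OU) --"

    Dim SOMList
    On Error Resume Next
    Set SOMList = GPMDomain.SearchSOMs(GPMSearchCriteria)
    If Err.Number <> 0 Then
        WScript.Echo ErrCode(Err.Number)
        WScript.Echo Err.Description
        ' Was WScript.Clear: the WScript object has no Clear method, the
        ' error state belongs to Err
        Err.Clear
        WScript.Quit(-1)
    End If

    Dim SiteLinkList
    On Error Resume Next
    Set SiteLinkList = GPMSitesContainer.SearchSites(GPMSearchCriteria)
    If Err.Number <> 0 Then
        WScript.Echo ErrCode(Err.Number)
        WScript.Echo Err.Description
        ' Was WScript.Clear (see above)
        Err.Clear
        WScript.Quit(-1)
    End If

    If SOMList.Count = 0 and SiteLinkList.Count = 0 Then
        WScript.Echo "No Site, Domain or OU links found for this GPO"
        Exit Function
    End If

    ' Print out all domain/OU GPO links that were found
    Dim SOM
    Dim strSOMType

    For Each SOM in SOMList
        Select Case SOM.Type
            Case Constants.SOMDomain
                strSOMType = "Domain"
            Case Constants.SOMOU
                strSOMType = "OU"
        End Select

        ' Print GPO Domain and OU links
        WScript.Echo SOM.Name & " (" & strSOMType & ")"

    Next

    ' Print GPO Site Links
    Dim SiteLink

    For Each SiteLink in SiteLinkList
        WScript.Echo SiteLink.Name & " (Site)"
    Next

End Function

' Prints detailed info about a given GPO: name and ID, the details block,
' one trustee list per permission level, and the list of links.
'
' GPMGPO - the GPO object to report on
Function PrintDetailedGPOInfo(GPMGPO)

    WScript.Echo "=============================================="
    WScript.Echo "Name:" & vbTab & GPMGPO.DisplayName
    WScript.Echo "ID:" & vbTab & GPMGPO.ID

    ' Print the GPO details
    PrintGPODetails GPMGPO

    ' Print apply rights
    PrintGPOPermissions GPMGPO, Constants.PermGPOApply

    ' Print edit rights
    PrintGPOPermissions GPMGPO, Constants.PermGPOEdit

    ' Print edit, modify security and delete rights
    PrintGPOPermissions GPMGPO, Constants.PermGPOEditSecurityAndDelete

    ' Print read rights
    PrintGPOPermissions GPMGPO, Constants.PermGPORead

    ' Print custom rights
    PrintGPOPermissions GPMGPO, Constants.PermGPOCustom

    ' Print the list of links
    PrintGPOLinks GPMGPO

    WScript.Echo vbCrLf
    WScript.Echo "==============================================" & vbCrLf

End Function


' Takes a WScript.Arguments object and returns a dictionary object
' containing the named arguments and values that were passed in
'
' Returns a Scripting.Dictionary with the keys "GPOName" and "Domain".
' Quits with exit code -1 when run under wscript.exe or when no GPO name
' was supplied.
Function ProcessCommandLineArguments()

    Dim strGPOName    : strGPOName = ""
    Dim strDomainName : strDomainName = ""

    ' Check if this is cscript. If not, print an error and bail out

    If UCase(Right(WScript.FullName,11)) = "WSCRIPT.EXE" Then
        WScript.Echo "You must use cscript.exe to execute this script."
        WScript.Quit(-1)
    End If

    ' The GPO name is the first unnamed argument. Looking only at the unnamed
    ' collection keeps a /Domain:... switch given on its own, or placed first,
    ' from being taken as the GPO name.
    If WScript.Arguments.Unnamed.Count = 0 Then
        WScript.Arguments.ShowUsage
        WScript.Quit(-1)
    End If

    Dim Result
    Set Result = CreateObject("Scripting.Dictionary")

    strGPOName = WScript.Arguments.Unnamed(0)

    If WScript.Arguments.Named.Exists("Domain") Then
        strDomainName = WScript.Arguments.Named("Domain")
    End If

    ' Get the current domain if none was specified
    If strDomainName = "" Then
        strDomainName = GetDNSDomainForCurrentUser()
    End If

    Result.Add "GPOName",strGPOName
    Result.Add "Domain" ,strDomainName
    Set ProcessCommandLineArguments = Result

End Function

</script>

<!-- Usage and command line argument information -->
<runtime>

<description>
Given a GPO name or GUID, prints information about that GPO.
</description>

<unnamed name="GPOName" helpstring="GPO name or ID" type="string" required="true" />
<named name="Domain" helpstring="DNS name of domain" type="string" required="false" />

<example>
Example: DumpGPOInfo.wsf TestGPO /domain:mydomain.com
</example>

</runtime>

</job>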