ListAllGPOs.wsf (8755B)
1 '//////////////////////////////////////////////////////////////////////////// 2 '// Copyright (c) Microsoft Corporation. All rights reserved 3 '// 4 '// Title: ListAllGPOs.wsf 5 '// Author: mtreit@microsoft.com 6 '// Created: 10/11/2001 7 '// Purpose: Lists all GPOs in a domain 8 '// Revision: Ported from JScript->VBScript by dtsaltas [September 15, 2002] 9 '//////////////////////////////////////////////////////////////////////////// 10 11 '/////////////////////////////////////// 12 '// Initialization 13 '/////////////////////////////////////// 14 <job> 15 16 ' Include necessary libraries 17 <script language="JScript" src="Lib_CommonGPMCFunctions.js"/> 18 <script language="VBScript"> 19 20 ' Create global objects for use by all of the functions 21 Set GPM = CreateObject("GPMgmt.GPM") 22 Set Constants = GPM.GetConstants() 23 24 ' Define flags needed for querying SecurityDescriptor 25 Dim bOwner : bOwner = true 26 Dim bGroup : bGroup = false 27 Dim bDACL : bDACL = false 28 Dim bSACL : bSACL = false 29 30 ' If you don't have write permissions on a GPO, querying for the SACL 31 ' will fail. The following gives you the necessary flags to only query 32 ' for the 'owner' part of the security descriptor, which is all we care 33 ' about in most cases. 'Owner' can be read with read-only rights 34 Dim SecurityFlags 35 36 SecurityFlags = Constants.SecurityFlags(bOwner, bGroup, bDACL, bSACL) 37 38 '/////////////////////////////////////// 39 '// Main script 40 '/////////////////////////////////////// 41 42 ' Handle command line arguments 43 Dim ArgumentList 44 Dim szDomainName 45 Dim bVerbose 46 47 48 Set ArgumentList = ProcessCommandLineArguments 49 szDomainName = ArgumentList.Item("Domain") 50 bVerbose = ArgumentList.Item("Verbose") 51 52 ' Initialize the Domain object 53 Dim GPMDomain 54 Set GPMDomain = GPM.GetDomain(szDomainName,"", Constants.UseAnyDC) 55 56 ' Print the list OF GPOs in the domain 57 ListDomainGPOs(GPMDomain) 58 59 '/////////////////////////////////////// 60 '// Function Definitions 61 '/////////////////////////////////////// 62 63 ' Print information about a GPO 64 Function PrintGPOInfo(GPMGPO) 65 66 WScript.Echo "Name:" & vbTab & GPMGPO.DisplayName 67 WScript.Echo "ID:" & vbTab & GPMGPO.ID & vbCrLf 68 69 End Function 70 71 72 ' Print detailed information about a given GPO 73 Function PrintDetailedGPOInfo(GPMGPO) 74 75 WScript.Echo "==============================================" 76 WScript.Echo "Name:" & vbTab & GPMGPO.DisplayName 77 WScript.Echo "ID:" & vbTab & GPMGPO.ID 78 79 ' Print the GPO details 80 PrintGPODetails GPMGPO 81 82 ' Print apply rights 83 PrintGPOPermissions GPMGPO, Constants.PermGPOApply 84 85 ' Print edit rights 86 PrintGPOPermissions GPMGPO, Constants.PermGPOEdit 87 88 ' Print edit, modify security and delete rights 89 PrintGPOPermissions GPMGPO, Constants.PermGPOEditSecurityAndDelete 90 91 ' Print read rights 92 PrintGPOPermissions GPMGPO, Constants.PermGPORead 93 94 ' Print custom rights 95 PrintGPOPermissions GPMGPO, Constants.PermGPOCustom 96 97 ' Print the list of links 98 PrintGPOLinks GPMGPO 99 100 WScript.Echo vbCrLf 101 WScript.Echo "==============================================" & vbCrLf 102 103 End Function 104 105 ' Print detailed information about a GPO 106 Function PrintGPODetails(GPMGPO) 107 108 Dim strCreated : strCreated = GPMGPO.CreationTime 109 Dim strChanged : strChanged = GPMGPO.ModificationTime 110 Dim strOwner : strOwner = GPMGPO.GetSecurityDescriptor(SecurityFlags).Owner 111 112 WScript.Echo vbCrLf 113 WScript.Echo "-- Details --" 114 WScript.Echo "Created:" & vbTab & strCreated 115 WScript.Echo "Changed:" & vbTab & strChanged 116 WScript.Echo "Owner:" & vbTab & vbTab & strOwner 117 118 WScript.Echo vbCrLf 119 WScript.Echo "User Enabled:" & vbTab & GPMGPO.IsUserEnabled 120 WScript.Echo "Mach Enabled:" & vbTab & GPMGPO.IsComputerEnabled 121 122 WScript.Echo vbCrLf 123 WScript.Echo "-- Version Numbers --" 124 '[todo] - variant types of the following not supported in VBScript 125 WScript.Echo "User DS:" & vbTab & CLng(GPMGPO.UserDSVersionNumber) 126 WScript.Echo "User Sysvol:" & vbTab & CLng(GPMGPO.UserSysvolVersionNumber) 127 WScript.Echo "Mach DS:" & vbTab & CLng(GPMGPO.ComputerDSVersionNumber) 128 WScript.Echo "Mach Sysvol:" & vbTab & CLng(GPMGPO.ComputerSysvolVersionNumber) 129 130 End Function 131 132 ' Print the list of trustees with a particular set of permissions on a GPO 133 Function PrintGPOPermissions(GPMGPO, PermissionType) 134 135 ' Print out a header identifying the type of rights being listed 136 Dim strHeader : strHeader = "" 137 Select Case PermissionType 138 139 Case Constants.PermGPOApply 140 strHeader = vbCrLf & "-- Who this GPO applies to --" 141 142 143 Case Constants.PermGPOEdit: 144 strHeader = vbCrLf & "-- Who can edit this GPO --" 145 146 147 Case Constants.PermGPOEditSecurityAndDelete: 148 strHeader = vbCrLf & "-- Who can edit settings, modify security and delete this GPO --" 149 150 151 Case Constants.PermGPORead: 152 strHeader = vbCrLf & "-- Who only has Read access --" 153 154 155 Case Constants.PermGPOCustom: 156 strHeader = vbCrLf & "-- Who has custom permissions --" 157 158 End Select 159 160 ' WScript.Echo strHeader 161 162 ' Get the list of security settings on this GPO 163 Dim GPMSecurityInfo 164 Set GPMSecurityInfo = GPMGPO.GetSecurityInfo() 165 166 ' Print out the groups who have the specified permission 167 168 Dim GPOPermission 169 Dim strTrusteeName 170 171 For Each GPOPermission in GPMSecurityInfo 172 173 strTrusteeName = "" 174 If GPOPermission.Permission = PermissionType Then 175 On Error Resume Next 176 strTrusteeName = GPOPermission.Trustee.TrusteeName 177 If Err.Number <> 0 Then 178 strTrusteeName = GPOPermission.Trustee.TrusteeSid 179 End If 180 WScript.Echo strTrusteeName 181 End If 182 Next 183 End Function 184 185 ' Print all places a given GPO is linked 186 Function PrintGPOLinks(GPMGPO) 187 188 ' Search for all SOM links for this GPO 189 Dim objGPMSearchCriteria 190 Set objGPMSearchCriteria = GPM.CreateSearchCriteria() 191 objGPMSearchCriteria.Add Constants.SearchPropertySOMLinks, Constants.SearchOpContains, GPMGPO 192 193 WScript.Echo vbCrLf & "-- Where this GPO is linked --" 194 195 On Error Resume Next 196 Dim SOMList : Set SOMList = GPMDomain.SearchSOMs(objGPMSearchCriteria) 197 If Err.Number <> 0 Then 198 WScript.Echo Err.Number '[todo] port ErrCode function....use here?? 199 WScript.Echo Err.Description 200 End If 201 202 If SOMList.Count = 0 Then 203 WScript.Echo "No links found for this GPO." 204 Exit Function 205 End If 206 207 ' Print out all links that were found 208 209 Dim SOM 210 Dim strSOMType 211 For Each SOM in SOMList 212 Select Case SOM.Type 213 Case Constants.SOMSite 214 strSOMType = "Site" 215 216 Case Constants.SOMDomain 217 strSOMType = "Domain" 218 219 case Constants.SOMOU 220 strSOMType = "OU" 221 End Select 222 223 WScript.Echo SOM.Name & " (" & strSOMType & ")" 224 Next 225 226 End Function 227 228 ' Takes a WScript.Arguments object and returns a dictionary object 229 ' containing the named arguments and values that were passed in 230 Function ProcessCommandLineArguments 231 Dim szDomainName : szDomainName = "" 232 Dim bVerbose : bVerbose = false 233 234 ' Check if this is cscript. If not, print an error and bail out 235 236 If UCase(Right(WScript.FullName,11)) = "WSCRIPT.EXE" Then 237 WScript.Echo "You must use cscript.exe to execute this script." 238 WScript.Quit(-1) 239 End If 240 241 Dim Result 242 Set Result = CreateObject("Scripting.Dictionary") 243 244 If WScript.Arguments.Length > 0 Then 245 If WScript.Arguments.Named.Exists("V") Then 246 bVerbose = true 247 End If 248 249 If WScript.Arguments.Named.Exists("Domain") Then 250 szDomainName = WScript.Arguments.Named("Domain") 251 End If 252 End If 253 254 ' Get the current domain if none was specified 255 If szDomainName = "" Then 256 szDomainName = GetDNSDomainForCurrentUser() 257 End If 258 259 Result.Add "Verbose", bVerbose 260 Result.Add "Domain", szDomainName 261 262 Set ProcessCommandLineArguments = Result 263 End Function 264 265 ' Print out a list of all GPOs in the domain 266 Function ListDomainGPOs(GPMDomain) 267 ' Create the search criteria object 268 Dim GPMSearchCriteria 269 Set GPMSearchCriteria = GPM.CreateSearchCriteria 270 271 ' Get all of the GPOs by passing in the blank 272 ' SearchCriteria 273 Dim GPOList 274 Set GPOList = GPMDomain.SearchGPOs(GPMSearchCriteria) 275 276 ' Now print out the list 277 Dim GPMGPO 278 279 If bVerbose = false Then 280 WScript.Echo "** For detailed info use the '/v' switch **" & vbCRLF 281 End If 282 283 WScript.Echo "== Found " & GPOList.Count & " GPOs in " & szDomainName & " ==" & vbCRLF 284 285 ' Loop through the list and print info for each GPO 286 For Each GPMGPO in GPOList 287 If bVerbose = true Then 288 PrintDetailedGPOInfo(GPMGPO) 289 290 Else 291 PrintGPOInfo(GPMGPO) 292 End If 293 Next 294 End Function 295 296 </script> 297 298 299 <!-- Usage and command line argument information --> 300 <runtime> 301 302 <description> 303 Prints out data about all GPOs in a domain. 304 </description> 305 306 <named name="v" helpstring="Verbose mode - displays detailed information about each GPO" type="simple" required="false" /> 307 <named name="Domain" helpstring="DNS name of domain to query" type="string" required="false" /> 308 309 <example> 310 Example: ListAllGPOs.wsf /v 311 </example> 312 313 </runtime> 314 315 </job>