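PowerShell script to verify that all security groups in all GPOs are not empty

Question  Votes: 0  Answers: 1

Looking to validate stale GPOs in the domain. One of the criteria is to make sure that any linked GPO is not actually filtering on an empty security group. So I need to write a script that checks all domain GPOs, their groups, and whether the filtered groups are empty. Been playing around, but running into a problem: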

# Function to list GPOs and associated filtered groups
function Get-GPOAndFilteredGroups {
    # Get all GPOs in the domain
    $GPOs = Get-GPO -All

    foreach ($GPO in $GPOs) {
        Write-Host "GPO Name: $($GPO.DisplayName)"
        Write-Host "GPO ID: $($GPO.Id)"
        Write-Host "GPO Domain Name: $($GPO.DomainName)"
        Write-Host "GPO Description: $($GPO.Description)"
        Write-Host "GPO Creation Time: $($GPO.CreatedTime)"
        Write-Host "GPO Last Modified Time: $($GPO.ModifiedTime)"
        
        # Get filtered groups associated with the GPO
        $FilteredGroups = Get-GPPermissions -Guid $GPO.Id | Where-Object { $_.Permission -eq 'GpoApply' -and $_.Inherited -eq $false }
        
        if ($FilteredGroups) {
            Write-Host "Filtered Groups:"
            foreach ($Group in $FilteredGroups) {
                Write-Host "   $($Group.Trustee.Name)"
            }
        } else {
            Write-Host "No filtered groups associated."
        }

        Write-Host "----------------------------------------"
    }
}

# Call the function to list GPOs and associated filtered groups
Get-GPOAndFilteredGroups
powershell
1 Answer
0
votes

Get-GPPermissions :无法检索权限级别,因为未提供 All 参数,也未提供 TargetType 和 TargetName 参数。指定 All 参数以检索 GPO 上每个安全主体的权限级别。或者,同时指定 TargetName 和 TargetType 参数以检索单个安全主体的权限级别。然后,运行 再次命令。 行:15 字符:27
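
One way to do the check the question describes, as an added example that is not part of the original question or answer: it passes `-All` to `Get-GPPermission`, keeps the non-denied `GpoApply` entries, and reports the groups used for security filtering that have no direct members. The function name `Get-GpoEmptyFilterGroup` is hypothetical, and the script assumes a domain-joined machine with the GroupPolicy and ActiveDirectory (RSAT) modules installed.

```powershell
#Requires -Modules GroupPolicy, ActiveDirectory

# Hypothetical helper (not from the original post): one output row per
# group that has "Apply group policy" on a GPO, flagged when it is empty.
function Get-GpoEmptyFilterGroup {
    [CmdletBinding()]
    param()

    foreach ($gpo in Get-GPO -All) {
        # -All returns every trustee on the GPO. The alternative is to pass
        # both -TargetName and -TargetType for a single principal.
        $applyEntries = Get-GPPermission -Guid $gpo.Id -All |
            Where-Object { $_.Permission -eq 'GpoApply' -and -not $_.Denied }

        # The XML report contains LinksTo elements only when the GPO is linked.
        [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
        $linked = [bool]$report.GPO.LinksTo

        foreach ($entry in $applyEntries) {
            # Skip users, computers and well-known principals such as
            # Authenticated Users, which have no member list to inspect.
            if ("$($entry.Trustee.SidType)" -ne 'Group') { continue }

            try {
                $group = Get-ADGroup -Identity $entry.Trustee.Sid.Value `
                    -Properties Members -ErrorAction Stop
            } catch {
                Write-Warning "Cannot resolve '$($entry.Trustee.Name)' on '$($gpo.DisplayName)': $_"
                continue
            }

            # Members holds direct members only. Nested groups are not expanded,
            # and accounts that belong through their primary group (for example
            # Domain Users) are not listed in this attribute.
            [pscustomobject]@{
                GpoName     = $gpo.DisplayName
                GpoId       = $gpo.Id
                Linked      = $linked
                Group       = $group.SamAccountName
                MemberCount = $group.Members.Count
                Empty       = ($group.Members.Count -eq 0)
            }
        }
    }
}

# Linked GPOs whose security filtering relies on an empty group.
Get-GpoEmptyFilterGroup | Where-Object { $_.Linked -and $_.Empty } | Format-Table -AutoSize
```

A group reported as empty here may still apply through nested or primary-group membership, so confirm those cases before treating the GPO as stale.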
