You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think there is a problem when generating the 'gpresult', txt and HTML files.
The script must be run in Administator mode... fine.
So, suppose my current Windows session is Domain\JDOE.
I run the script with Powershell launched in Administator mode with the Domain\JDOELocalAdmininstrator account...
But in this case, GPResult won't get any result with an error message like "The user 'Domain\JDOELocalAdmininstrator' doesn't have RSOP data".
Because the GPOs had been retreived from the DC and applied to the PC for the current Windows session with JDOE account but not for the JDOELocalAdmininstrator account.
So the Powershell script can't read the GPOs for the JDOELocalAdmininstrator account.
I think it should be specified in the script the Logged session user in the GPResult command like suggested below.
Written code in the script :
#Get usefull filesWrite-Host"#########>Take File to analyse<#########"-ForegroundColor DarkGreen
$seceditfile="./secpol"+"-"+"$OSName"+".cfg"
secedit /export /cfg $seceditfile#Second command in case of emergency$gpofile="./gpo"+"-"+"$OSName"+".txt"
gpresult /r /V >$gpofile$gpofile="./gpo"+"-"+"$OSName"+".html"
gpresult /h $gpofile/f |out-null$auditconfigfile="./auditpolicy"+"-"+"$OSName"+".txt"auditpol.exe/get /Category:*>$auditconfigfile
Suggested code :
#Get usefull filesWrite-Host"#########>Take File to analyse<#########"-ForegroundColor DarkGreen
$seceditfile="./secpol"+"-"+"$OSName"+".cfg"
secedit /export /cfg $seceditfile#Second command in case of emergency$gpofile="./gpo"+"-"+"$OSName"+".txt"#-----------------------------------# If the current Powershell user - adminXXX - is not the current Windows Session Username ==> GpResult Error "The user 'xxxxxxx\adminXXX' doesn't have RSOP data" #-----------------------------------$PCUser= (Get-WMIObject-Classname Win32_ComputerSystem).Username # Get current LogonSession username $PSUser= [System.Security.Principal.WindowsIdentity]::GetCurrent().Name # Get current Powershell Userif ($PCUser-Like$PSUser) { # If the current Powershell user - adminXXX - is the current Windows Session Username
gpresult /r /V >$gpofile
} else {
# ==> the text file generated by gpresult will only contain "INFO : The user 'xxxxxxx\yyyyy' doesn't have RSOP data"... need to specifiy the User parameter
gpresult /r /V /user $PCUSER>$gpofile# Execute the gpresult for the Windows Session Username
}
$gpofile="./gpo"+"-"+"$OSName"+".html"if ($PCUser-Like$PSUser) { # If the current Powershell user - adminXXX - is the current Windows Session Username
gpresult /h $gpofile/f |out-null
} else {
# ==> gpresult won't generate the HTML file... need to specify the User Parameter
gpresult /h $gpofile/f /user $PCUSER|out-null# Execute the gpresult for the Windows Session Username
}
#-----------------------------------
The text was updated successfully, but these errors were encountered:
Hi,
Very nice script, thanks a lot... ;-)
I think there is a problem when generating the 'gpresult', txt and HTML files.
The script must be run in Administator mode... fine.
So, suppose my current Windows session is Domain\JDOE.
I run the script with Powershell launched in Administator mode with the Domain\JDOELocalAdmininstrator account...
But in this case, GPResult won't get any result with an error message like "The user 'Domain\JDOELocalAdmininstrator' doesn't have RSOP data".
Because the GPOs had been retreived from the DC and applied to the PC for the current Windows session with JDOE account but not for the JDOELocalAdmininstrator account.
So the Powershell script can't read the GPOs for the JDOELocalAdmininstrator account.
I think it should be specified in the script the Logged session user in the GPResult command like suggested below.
Written code in the script :
Suggested code :
The text was updated successfully, but these errors were encountered: