Hello,
I am trying to export all the permissions from GPO into a CSV for all the GPO's.
I have a combination of the function Here and I have tried to manipulate the output.
It has worked in a fashion in the fact it pulls the information out however everything for one GPO is on a single line for example:
default domain policy default domain policy SYSTEM Domain Users Domain Admins etc
default domain controller policy default domain controller policy SYSTEM Domain Users Domain Admins etc
Opposed to it being:
Default Domain Policy, SYSTEM, Full Control
Default Domain Policy, Domain Users, ApplyGPO
etc
My code is below:
# Get All GPO Permissions
$Info = @()
function Get-GPOPermissions {
param($GpoName)
Import-Module GroupPolicy
$permsobj = Get-GPPermissions -Name $GPOName -All
foreach ($perm in $permsobj) {
$obj = New-Object -TypeName PSObject -Property @{
GPOName = $GpoName
AccountName = $($perm.trustee.name)
AccountType = $($perm.trustee.sidtype.tostring())
Permissions = $($perm.permission)
}
$obj | Select GPOName, AccountName, AccountType, Permissions
}
}
Get-GPO -All |
ForEach-Object {
$Display = $_.DisplayName
$GPO = New-Object System.Object
$GPO | Add-Member -MemberType NoteProperty -Value $null -Name "GPOName"
$GPO | Add-Member -MemberType NoteProperty -Value $null -Name "AccountName"
$GPO | Add-Member -MemberType NoteProperty -Value $null -Name "AccountType"
$GPO | Add-Member -MemberType NoteProperty -Value $null -Name "Permissions"
$GPOInfo = Get-GPOPermissions $Display | select GPOName, AccountName, AccountType, Permissions
$GPOInfo |
ForEach-Object {
$GPO.GPOName = [string]$GPOInfo.GPOName
$GPO.AccountName = [string]$GPOInfo.AccountName
$GPO.AccountType = [string]$GPOInfo.AccountType
$GPO.Permissions = [string]$GPOInfo.Permissions
$Info += $GPO
}
}
$Info | Export-Csv C:\Temp_Storage\GPOPermissions.csv -NoTypeInformationAny help would be greatly appreciated.
Thanks
James