Search Group Policy with PowerShell Script

I was looking for a certain Group Policy Preferences setting, where a registry value was being changed. Resultant Set Of Policy (RSOP) won’t help with these, and I couldn’t see a nice PowerShell command for searching through Group Policies.

I put the shoutout on Twitter to see who could help, and Tony Murray came back quickly with a script he’d created, and promptly uploaded to the Microsoft TechNet Gallery where I could download it.

It’s a reasonably simple script (which for me would have taken at least an hour to do beginning to end!) and is very easy to use.

Running the ps1 file will provide you with a prompt, asking what string you’re searching for. Enter the string, and it’ll give back all the Group Policy objects, along with if there was a match or not:

match

After seeing it work, I decided to make one slight change; I removed this section:

    else { 
        Write-Host "No match in: $($gpo.DisplayName)" 
    } # end else 

which results in the script only showing matches, and displaying no output otherwise. Handy if you have a long list of objects to look through!

Thanks again Tony for both writing this and sharing it!

 

Update 20th Dec 2018

Although the script is really useful, it didn’t like special characters for the search string which makes it hard to search for registry settings. I’ve changed how the search function works on a single line, and it now seems to be happy with special characters. This also appears to come at a cost of speed, it’s a bit slower to search. I’m letting Tony know so he can consider updating his master script, but if you want to do it, just replace the line:

if ($report match $string) {

with

if ($report.contains(“$string”) -eq $true) {

Again since it’s not my script I don’t really want to put the entire end result up, but here’s how it should look after the comments section:

Leave a Reply