Powershell - presentation of the GPOZaurr module for analysing your GPOs
To support me, you can subscribe to the channel, share and like the videos, disable your ad blocker or make a donation. Thank you!
Hello,
The GPOZaurr module allows you to analyse your GPO and also correct any problems detected.
As stated by module author Przemyslaw Klys: “I have done a lot of research and put a lot of effort into making this PowerShell module work as expected. However, sometimes I make mistakes.”
When a problem is reported, the report provides an option for correction in the form of a link at the end of the report section or a powershell command (supporting -Whatif)
For modifications and deletions, take care to ensure you understand the action you are going to perform
Documentation
https://github.com/EvotecIT/GPOZaurr
A single command (Invoke-GPOZaurr) provides the following reports: - GPOBroken - GPOBrokenLink - GPOOwners - GPOConsistency - GPODuplicates - GPOOrganizationalUnit - GPOList - GPOLinks - GPOPassword - GPOPermissions - GPOPermissionsAdministrative - GPOPermissionsRead - GPOPermissionsRoot - GPOPermissionsUnknown - GPOFiles - GPOBlockedInheritance - GPOAnalysis - GPOUpdates - NetLogonOwners - NetLogonPermissions - SysVolLegacyFiles
Reports available :
GPOBroken: This report detects GPOs that are broken. By broken GPOs, I mean those that exist in AD but have no SYSVOL content or vice versa - that have SYSVOL content, but no AD metadata. In addition, it is able to detect GPO objects that are no longer GroupPolicy objects. - It then provides a simple way to rectify the situation using step-by-step instructions.
GPOBrokenLink: This report can detect links that do not have a corresponding GPO. For example, if a GPO is deleted, sometimes the links to that GPO are not correctly deleted. This command can detect this and suggest a solution.
GPOOwners: This report focuses on GPO owners. By design, if a domain administrator creates a GPO, the owner of the GPO is the domain administrators group. This report detects GPOs that do not belong to Domain Admins (both in SYSVOL and AD) and suggests a solution to fix them.
GPOConsistency: This report detects inconsistent permissions between Active Directory and SYSVOL, checking that the files/folder inside each GPO match the required permissions. It then provides you with an option to remedy this.
GPODuplicates: This report detects GPOs that are CNFs, in other words duplicate AD objects, and suggests a way to remove them.
GPOList: This report summarises all Group Policies, focusing on detecting GPOs that are empty, unbound, disabled, without application permissions. It can also detect GPOs that are not optimised or have potential problems (deactivated section, but still containing settings).
GPOLinks: This report summarises the links indicating where the GPO is linked, whether it is linked to any site, to another domain, or the status of the links.
GPOPassword : This report should detect passwords stored in GPOs.
GPOPermissions: This report provides a complete overview of permissions for all GPOs. It detects GPOs that do not have read permissions for authenticated users, GPOs that do not have domain administrator, enterprise administrator or system administrator permissions. It also detects GPOs that have unknown permissions available. Finally, it allows you to set the permissions for all these GPOs easily. It’s basically a one-stop shop for all your permissions needs.
GPOPermissionsAdministrative: This report focuses solely on detecting missing permissions for domain administrators and enterprise administrators and allows you to fix them in no time.
GPOPermissionsRead: Similar to an administrative report, but this one focuses on authenticated users who don’t have their permissions.
GPOPermissionsRoot: This report shows all permissions assigned to the root of the Group Policy container. It allows you to quickly check who can manage all GPOs.
GPOPermissionsUnknown: This report focuses on detecting unknown permissions (deleted users) and allows you to remove them painlessly.
GPOFiles: This report lists all files in the SYSVOL folder (including hidden files) and attempts to determine whether the file location based on extension/type makes sense or requires further checking. It was written to find potential malware or old files that can be safely removed.
GPOBlockedInheritance: This report looks for all organisational units with blocked inheritance and checks the number of users or computers affected.
GPOAnalysis: This report reads all Group Policy content and sorts it into over 70 categories. It can show things like GPOs that do Drive Mapping, Bitlocker, Laps, Printers, etc. It’s handy for finding dead settings, dead hosts or settings that no longer make sense.
NetLogonOwners: This report focuses on detecting NetLogon owners and how to reset them to default and secure values.
NetLogonPermissions : This report provides an overview and assessment of all permissions on the NetLogon share.
SysVolLegacyFiles: This report detects SYSVOL Legacy Files (.adm).
Related links
Powershell - How to add and view a GPO description
How to add and view a GPO description in PowershellActive Directory - Viewing and protecting unprotected organizational units with Powershell
Active Directory - Viewing and protecting unprotected organizational units with PowershellPowershell - Testimo module for testing your Active Directory
Testimo is a PowerShell module designed to facilitate basic or more advanced testing of Active DirectoryPowershell - presentation of the GPOZaurr module for analysing your GPOs
The GPOZaurr module allows you to analyse your GPOs and also to modify or even delete themPowershell - AD As Built Report module overview
Microsoft AD As Built Report is a PowerShell module that works in conjunction with AsBuiltReport.Core to generate a report on your Active DirectoryHow to join an Active Directory domain with PowerShell DSC
Joining an Active Directory domain with PowerShell DSC
Follow me on
Support me
Last content
Powershell and the Left Hand Side
Powershell - Managing disks, partitions and volumes
Powershell - Managing System Restore Points in Windows
Powershell - Playing with the Windows clipboard
Powershell - Changing the state of a computer (sleep, hibernate, shutdown, restart)
Powershell - Compress-Archive and Expand-Archive to create and extract ZIP archives
Powershell - Export-Csv versus Export-Clixml
Powershell - Overview of Where-Object basic syntax and its limitations
Powershell - Hyper-V - Give a custom name to a virtual network adapter