How to manage GPOs with vbScript?

Mar 16, 2012

You can do really really cool stuff with gpos in vbScript. I will show you how to export reports and give you some examples what else can be done going the vbScript way…
The Group Policy Management console in Windows offers you the possibility to export reports about group policy object’s settings to html files – this, for example, is an excerpt of my default domain controllers policy:

You can do this (and much more) by script too. Here is how you can do it… You can choose to save this report in a variable to do further processing in your script or you can save it to a file, just like the console does.

[code lang=”vb”]
Function getGPOHTMLReport(strDomain, strGPOCN)
Set objGPM = CreateObject("GPMgmt.GPM")
Set objGPMConstants = objGPM.GetConstants()
Set objGPMDomain = objGPM.GetDomain(strDomain, "", objGPMConstants.UseAnyDC)
Set objGPO = objGPMDomain.GetGPO(strGPOCN)
Set objGPMReport = objGPO.GenerateReport(objGPMConstants.ReportHTML)
getGPOHTMLReport = objGPMReport.result
End Function

Wscript.echo getGPOHTMLReport("normanbauer.com", "{6AC1786C-016F-11D2-945F-00C04fB984F9}") ‘Default Domain Controllers Policy
[/code]

[code lang=”vb”]
Sub exportGPOHTMLReport(strDomain, strGPOCN, strOutFilename)
Set objGPM = CreateObject("GPMgmt.GPM")
set objGPMConstants = objGPM.GetConstants()
set objGPMDomain = objGPM.GetDomain(strDomain, "", objGPMConstants.UseAnyDC)

Set objGPO = objGPMDomain.GetGPO(strGPOCN)
objGPO.GenerateReportToFile objGPMConstants.ReportHTML, strOutFilename
End Sub

exportGPOHTMLReport "normanbauer.com", "{6AC1786C-016F-11D2-945F-00C04fB984F9}", "C:\temp\export.html" ‘Default Domain Controllers Policy
[/code]

Functions used in the scripts above:

The function above generates the report of the specified gpo (you can find the cn of the gpo [“Unique ID”] in the Group Policy Management console on the details tab of a gpo, or in the System\Policies Container in Active Directory) and returns the html formatted result. The sub does almost the same but does not return the result but saves it to a file specified in strOutFilename.

You can do much more with the GPMgmt.GPM object – almost everything what the console can do, like creating, deleting and copying gpos, get and set wmi filters and set the gpo to be enabled or disabled on computer and/or user accounts.


Did that help?

Buy me a coffeeBuy me a coffee

Submit a Comment

Your email address will not be published. Required fields are marked *