How to find out if a machine has a certain GPO applied?
Hello.
Is it possible to view in KACE a list of policies which were applied on inventory with Windows Group Policy Managment?
1 Comment
[ + ] Show comment
-
If I want to find out which machines applied one of certain group policies. - anonymous_107485 10 years ago
Answers (2)
Please log in to answer
Posted by:
SMal.tmcc
10 years ago
you can create a custom software inventory using
ShellCommandTextReturn(cmd /c gpresult /r /scope:computer)
Comments:
-
you can run this on your machines and create a report and in the filter use the custom inventory name contains "that certain name" - SMal.tmcc 10 years ago
-
Thank you! When I run gpresult /r from the command prompt on my machine, I get this output. But when I put ShellCommandTextReturn(cmd /c gpresult /r) in as a custom inventory rule, this is the output I get on the device detail page for my machine.
INFO: The user "CULPEPERCOUNTY\IT2244$" does not have RSOP data.
[string] - County of Culpeper 8 years ago-
Running into same thing but now for all machines. Did you ever find a resolution? - joeCool57 6 years ago
-
ShellCommandTextReturn(cmd /c type C:\ProgramData\Dell\KACE\user\gpresult.txt) - County of Culpeper 6 years ago
-
Microsoft changed the way gpresult calls, it now needs you to pick a user for RSOP data. Hopefully you have one domain user on every machine like we do. We have the user "installer" that I use for K2 post tasks.
I use: ShellCommandTextReturn(cmd /c gpresult /user tmccacad\installer /v /scope computer)
and that processes. - SMal.tmcc 6 years ago
Posted by:
SMal.tmcc
10 years ago
for one certain policy:
Search the policy name in the registry on a machine that it shows when you run gpresult on it and use a custom software entry that looks for that key
for example to find the logon policy:
the key for this in our domain is
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\2]
"DisplayName"="Logon Notice"
so I can create a software inventory using one of these queries:
Search the policy name in the registry on a machine that it shows when you run gpresult on it and use a custom software entry that looks for that key
for example to find the logon policy:
the key for this in our domain is
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\2]
"DisplayName"="Logon Notice"
so I can create a software inventory using one of these queries:
RegistryKeyExists(registryPath)you can also do a text return on the "reg query" command if you have multiple domains and that key name may vary in location (open a cmd window and enter "reg query /?" for more info)
RegistryValueEquals(registryPath, valueName, value)
