
List Computer GPOs

This SBA lists the Group Policy Objects currently applied to the computer, based on the records in the "Operational" log under "Microsoft-Windows-GroupPolicy".

By default the log size is configured to 4MB, which limits how far back this SBA can look.
Consider increasing the log size to view older entries.
Version: 1.1.4
Created: 2016-06-07
Modified: 2016-06-07
Creator: Zeev Eisenberg
Downloads: 1473
Tags: computer GPO gpresult Group Policy logon rsop
The Script
<#
.SYNOPSIS
        Outputs computer applied group policies
.DESCRIPTION
        This script shows computer applied group policies as shown inside the EventLog
.PARAMETER <paramName>
        None at this point
.EXAMPLE
        <Script Path>\script.ps1
.OUTPUTS
        List of applied group policies
.LINK
        See http://www.controlup.com
#>

# must be run with elevated privileges

$ErrorActionPreference = "Stop"     #   turns errors into terminating errors so the Try/Catch below can handle them

# Filters by Event Id '4004' (workstations) or '4006' (servers) and by PrincipalSamName,
# which is built from $env:userdomain\$env:username (the account running the script)
$Query = "*[EventData[Data[@Name='PrincipalSamName'] and (Data='$env:userdomain\$env:username')]] and *[System[(EventID='4004') or (EventID='4006')]]"

try {
    # Gets the last (most recent) event matching the criteria by $Query
    $Event = Get-WinEvent -ProviderName Microsoft-Windows-GroupPolicy -FilterXPath "$Query" -MaxEvents 1
    $ActivityId = $Event.ActivityId.Guid
}
catch {
    Write-Host "Could not find relevant events in the Microsoft-Windows-GroupPolicy/Operational log. `nThe default log size (4MB) may not be large enough for the volume of data saved in it. Please increase the log size to support older messages."
    Exit 1
}

# Looks for Event Id '5312' with the relevant 'Activity Id'
$message = Get-WinEvent -ProviderName Microsoft-Windows-GroupPolicy -FilterXPath "*[System[(EventID='5312')]]" | Where-Object{$_.ActivityId -eq $ActivityId}

# Displays the Message property of the matching event
Write-Host $message.Message
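
The following is an added example, not part of the ControlUp script. It generalizes the same ActivityId correlation from the single most recent processing cycle to the last several, and reports how far back the log currently reaches, which is the limit the description above warns about. The function names `Get-GpoLogWindow` and `Get-ComputerGpoHistory` and the `-Cycles` parameter are hypothetical.

```powershell
# Added example, not ControlUp's script. Run elevated, like the script above.
$LogName = 'Microsoft-Windows-GroupPolicy/Operational'

function Get-GpoLogWindow {
    # How far back can the log reach? Configured size plus the oldest surviving record.
    $cfg    = Get-WinEvent -ListLog $LogName
    $oldest = Get-WinEvent -LogName $LogName -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        MaxSizeMB    = [math]::Round($cfg.MaximumSizeInBytes / 1MB, 1)
        RecordCount  = $cfg.RecordCount
        OldestRecord = $oldest.TimeCreated
    }
}

function Get-ComputerGpoHistory {
    param([int]$Cycles = 5)   # hypothetical parameter: number of processing cycles to report

    # Same filter as the script above: 4004/4006 for the account running the script.
    $query = "*[EventData[Data[@Name='PrincipalSamName'] and (Data='$env:userdomain\$env:username')]] " +
             "and *[System[(EventID='4004') or (EventID='4006')]]"
    $starts = Get-WinEvent -LogName $LogName -FilterXPath $query -MaxEvents $Cycles -ErrorAction SilentlyContinue

    # Index every 5312 record by ActivityId once, instead of re-reading the log per cycle.
    $applied = @{}
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 5312 } -ErrorAction SilentlyContinue |
        ForEach-Object { if ($_.ActivityId) { $applied["$($_.ActivityId)"] = $_.Message } }

    foreach ($s in $starts) {
        $key = "$($s.ActivityId)"
        [pscustomobject]@{
            Started     = $s.TimeCreated
            EventId     = $s.Id
            ActivityId  = $key
            # Placeholder text when no 5312 record with this ActivityId is in the log.
            AppliedGpos = if ($applied.ContainsKey($key)) { $applied[$key] } else { '<no 5312 record found>' }
        }
    }
}

Get-GpoLogWindow | Format-List
Get-ComputerGpoHistory -Cycles 5 | Format-List
```

Comparing `OldestRecord` with the `Started` time of the earliest cycle returned shows whether the 4MB default is already cutting off the history you need.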