<< Back to Script Library
List Computer GPOs
This SBA shows the current computer Group Policy Objects applied based on the records inside the "Operational" log under "Microsoft-Windows-GroupPolicy".
By default the log size is configured to 4MB,
That means that this SBA can look back this much.
Consider increasing the log size to view older entries.
By default the log size is configured to 4MB,
That means that this SBA can look back this much.
Consider increasing the log size to view older entries.
The Script
Copy Script
Copied to clipboard
<#
.SYNOPSIS
Outputs computer applied group policies
.DESCRIPTION
This script shows computer applied group policies as shown inside the EventLog
.PARAMETER <paramName>
None at this point
.EXAMPLE
<Script Path>\script.ps1
.INPUTS
None
.OUTPUTS
List of applied group policies
.LINK
See http://www.controlup.com
#>
# must be run with elevated privileges
$ErrorActionPreference = "Stop" # another way to try to stop the script in case of errors. Important for Try/Catch usage.
# Filters by Event Id '4004' (workstations) or '4006' (servers) and the computer name
$Query = "*[EventData[Data[@Name='PrincipalSamName'] and (Data='$env:userdomain\$env:username')]] and *[System[(EventID='4004') or (EventID='4006')]]"
try {
# Gets the last (most recent) event matching the criteria by $Query
$Event = Get-WinEvent -ProviderName Microsoft-Windows-GroupPolicy -FilterXPath "$Query" -MaxEvents 1
$ActivityId = $Event.ActivityId.Guid
}
catch {
Write-Host "Could not find relevant events in the Microsoft-Windows-GroupPolicy/Operational log. `nThe default log size (4MB) may not be large enough for the volume of data saved in it. Please increase the log size to support older messages."
Exit 1
}
# Looks for Event Id '5312' with the relevant 'Activity Id'
$message = Get-WinEvent -ProviderName Microsoft-Windows-GroupPolicy -FilterXPath "*[System[(EventID='5312')]]" | Where-Object{$_.ActivityId -eq $ActivityId}
# Displays the 'Message Property'
Write-Host $message.Message