<< Back to Script Library
List user GPOs
This SBA runs under the session context of a selected user and shows,
every "User Group Policy" applied based on the records inside the "Operational" log under "Microsoft-Windows-GroupPolicy".
By default the log size is configured to 4MB,
That means that this SBA can look back this much.
Consider increasing the log size to view older entries.
every "User Group Policy" applied based on the records inside the "Operational" log under "Microsoft-Windows-GroupPolicy".
By default the log size is configured to 4MB,
That means that this SBA can look back this much.
Consider increasing the log size to view older entries.
Version: 2.2.7
Created: 2014-07-07
Modified: 2015-02-12
Creator: Niron Koren
Downloads: 2714
Tags: GPO gpresult Group Policy logon rsop
Created: 2014-07-07
Modified: 2015-02-12
Creator: Niron Koren
Downloads: 2714
Tags: GPO gpresult Group Policy logon rsop
The Script
Copy Script
Copied to clipboard
<#
.SYNOPSIS
Outputs user applied group policies
.DESCRIPTION
This script shows user applied group policies as shown inside the EventLog
.PARAMETER <paramName>
Non at this point
.EXAMPLE
<Script Path>\script.ps1 MyDomain\MyUser
.INPUTS
Positional argument of the Down-Level Logon Name (Domain\User)
.OUTPUTS
List of applied group policies
.LINK
See http://www.controlup.com
#>
$ErrorActionPreference = "Stop" # another way to try to stop the script in case of errors. Important for Try/Catch usage.
$username = $args[0]
# Defines to filter by Event Id '4001' and by an positional argument which 'ControlUp' provide based on context
$Query = "*[EventData[Data[@Name='PrincipalSamName'] and (Data='$username')]] and *[System[(EventID='4001')]]"
try {
# Gets all the events matching the criteria by $Query
[array]$Events = Get-WinEvent -ProviderName Microsoft-Windows-GroupPolicy -FilterXPath "$Query"
$ActivityId = $Events[0].ActivityId.Guid
}
catch {
Write-Host "Could not find relevant events in the Microsoft-Windows-GroupPolicy/Operational log. `nThe default log size (4MB) only supports user sessions that logged on a few hours ago. Please increase the log size to support older sessions."
Exit 1
}
# Looks for Event Id '5312' with the relevant 'Activity Id' and stores it inside a variable
$message = Get-WinEvent -ProviderName Microsoft-Windows-GroupPolicy -FilterXPath "*[System[(EventID='5312')]]" | Where-Object{$_.ActivityId -eq $ActivityId}
# Displays the 'Message Property'
Write-Host $message.Message