Solved

using VB to return what ou and what gpos are applied, indifferent results any ideas ?

Posted on 2007-12-06
10
1,493 Views
Last Modified: 2010-04-21
Hi I am using some vbs code to return the OU and applied GPOs of a server. Sometimes it returns the info and other times its blank.

I have discovered that if i have logged onto the server previously, the code works, IF its a server i have not logged onto (at the console or via TS) The code fails.  

I am running the code remotely, using a full administrator id.   Any help would be greatly appreciated.



Const FL_FORCE_CREATE_NAMESPACE = 4
On Error Resume Next
strComputer = "myserver"
 
'what OU am I in ?
WScript.Echo "*********************************************************** "
WScript.Echo " What OU ? "
Set wDate = CreateObject("WbemScripting.SWbemDateTime")
Set locator = CreateObject("WbemScripting.SWbemLocator")
Set connection = locator.ConnectServer( strComputer, "root\rsop", null, null, null, null, 0, null)
Set provider = connection.Get("RsopLoggingModeProvider")
provider.RsopCreateSession FL_FORCE_CREATE_NAMESPACE, Null, namespaceLocation, hResult, eInfo
 
WScript.Echo "RSOP Computer Session Information"
 
Set rsopProv = locator.ConnectServer _
    (strComputer, namespaceLocation & "\Computer", null, null, Null, Null, 0 , Null)
 
Set colItems = rsopProv.ExecQuery("Select * from RSOP_Session",,48)
 
For Each objItem in colItems
 
    	wDate.Value  = objItem.creationTime
    	
    	WScript.Echo "OU Location: " & objItem.SOM
 
Next
 
provider.RsopDeleteSession namespaceLocation, hResult
'=============================================================================
'what GPOs are applied
WScript.Echo "*********************************************************** "
WScript.Echo " GPOs applied to this Server are "
Set locator = CreateObject("WbemScripting.SWbemLocator")
Set connection = locator.ConnectServer( strComputer, "root\rsop", null, null, null, null, 0, null)
Set provider = connection.Get("RsopLoggingModeProvider")
provider.RsopCreateSession FL_FORCE_CREATE_NAMESPACE, Null, namespaceLocation, hResult, eInfo
 
Set rsopProv = locator.ConnectServer _
    (strComputer, namespaceLocation & "\Computer", null, null, Null, Null, 0 , Null)
 
WScript.Echo "Computer RSOP of Group Policy Objects"
 
Set colItems = rsopProv.ExecQuery("Select * from RSOP_GPO")
 
For Each objItem in colItems  
 
    WScript.Echo "Name: " & objItem.Name
Next
 
provider.RsopDeleteSession namespaceLocation, hResult

Open in new window

0
Comment
Question by:dutboy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 4

Expert Comment

by:MeCanHelp
ID: 20420129
Add a line that shell's out the GPUPDATE command on the machine before it grabs the info just to make sure that all policies are up to dat and applied.
0
 
LVL 2

Expert Comment

by:biztopia
ID: 20422287
Try adding credentials to the ConnectServer call.  This link has a code snippet to show how.

http://techtasks.com/code/viewbookcode/553

Cheers
D.
0
 

Author Comment

by:dutboy
ID: 20426326
tried both options unfortunately neither worked !
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:dutboy
ID: 20426336
Its really an odd issue, as it only appears to work if the id used to run the script has cached credentials on the server.
0
 
LVL 8

Expert Comment

by:deadite
ID: 20426596
Have you tried using GPRESULT?

Here are the parameters:
http://www.microsoft.com/windowsxp/using/setup/expert/gpresults.mspx

Download it here:
http://support.microsoft.com/kb/927229
0
 
LVL 4

Expert Comment

by:MeCanHelp
ID: 20426720
Thanks for repeating my suggestion deadite, I take it you must agree with what I was saying huh?
0
 

Author Comment

by:dutboy
ID: 20427638
As mentioned i had tried the gpudate..  here are the results from grpresult, which provide the same results as the vbs.  maybe I should move this to a windows\os group?  To try to work out why cached credentials are required to return the info (as it wasnt an issue with the code)

I have not physically logged on to this server previously. (but am using an admin id)
C:\>gpresult /s server1 /scope computer
INFO: The user "domain\userid" does not have RSOP data.

I have Physically logged on this server previously. (but am running the code remotely)
C:\>gpresult /s server2 /scope computer

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 07/12/2007 at 14:32:48


RSOP results for domain\userid on Server2 : Logging Mode
-------------------------------------------------------------

OS Type:           Blah          
OS Configuration:  Blah          
OS Version:                  
Domain Name:                
Domain Type:                
Site Name:                  
Roaming Profile:
Local Profile:              
Connected over a slow link?: No


COMPUTER SETTINGS
------------------

    Last time Group Policy was applied: 07/12/2007 at 09:50:03
    Group Policy was applied from:      
    Group Policy slow link threshold:  

    Applied Group Policy Objects
    -----------------------------
        Policy.1
      Policy.2
      Policy.3
      etc
      etc
0
 
LVL 8

Accepted Solution

by:
deadite earned 200 total points
ID: 20427961
MeCanHelp, my last post said "GPRESULT" not "GPUPDATE".

Are you just interested in getting the GPO that apply to the computer and not the user?  If so, I believe I got your answer. When you connect, use winmgmts like this (Note: root\rsop\computer)...

Set objWMIService = GetObject _
    ("winmgmts:\\" & strComputer & "\root\rsop\computer")


Here are a bunch of sample scripts showing how to access this information:
http://www.activexperts.com/activmonitor/windowsmanagement/scripts/grouppolicy/
0
 

Author Closing Comment

by:dutboy
ID: 31413104
Deadite. That worked a treat..  I didnt realise it was also trying to report GPOs linked to the user as well..> which makes sense as to why it failed.  Ive tested the new code and am truly satisifed with the results... (damn that "\computer" addition)
0
 

Author Comment

by:dutboy
ID: 20428152
Sorry , meant to say thanks also :)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an addendum to the following article: Acitve Directory based Outlook Signature (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_24950055.html) The script is fine, and works in normal client-server domains…
When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question