Solved

using VB to return what ou and what gpos are applied, indifferent results any ideas ?

Posted on 2007-12-06
10
1,441 Views
Last Modified: 2010-04-21
Hi I am using some vbs code to return the OU and applied GPOs of a server. Sometimes it returns the info and other times its blank.

I have discovered that if i have logged onto the server previously, the code works, IF its a server i have not logged onto (at the console or via TS) The code fails.  

I am running the code remotely, using a full administrator id.   Any help would be greatly appreciated.



Const FL_FORCE_CREATE_NAMESPACE = 4

On Error Resume Next

strComputer = "myserver"
 

'what OU am I in ?

WScript.Echo "*********************************************************** "

WScript.Echo " What OU ? "

Set wDate = CreateObject("WbemScripting.SWbemDateTime")

Set locator = CreateObject("WbemScripting.SWbemLocator")

Set connection = locator.ConnectServer( strComputer, "root\rsop", null, null, null, null, 0, null)

Set provider = connection.Get("RsopLoggingModeProvider")

provider.RsopCreateSession FL_FORCE_CREATE_NAMESPACE, Null, namespaceLocation, hResult, eInfo
 

WScript.Echo "RSOP Computer Session Information"
 

Set rsopProv = locator.ConnectServer _

    (strComputer, namespaceLocation & "\Computer", null, null, Null, Null, 0 , Null)
 

Set colItems = rsopProv.ExecQuery("Select * from RSOP_Session",,48)
 

For Each objItem in colItems
 

    	wDate.Value  = objItem.creationTime

    	

    	WScript.Echo "OU Location: " & objItem.SOM
 

Next
 

provider.RsopDeleteSession namespaceLocation, hResult

'=============================================================================

'what GPOs are applied

WScript.Echo "*********************************************************** "

WScript.Echo " GPOs applied to this Server are "

Set locator = CreateObject("WbemScripting.SWbemLocator")

Set connection = locator.ConnectServer( strComputer, "root\rsop", null, null, null, null, 0, null)

Set provider = connection.Get("RsopLoggingModeProvider")

provider.RsopCreateSession FL_FORCE_CREATE_NAMESPACE, Null, namespaceLocation, hResult, eInfo
 

Set rsopProv = locator.ConnectServer _

    (strComputer, namespaceLocation & "\Computer", null, null, Null, Null, 0 , Null)
 

WScript.Echo "Computer RSOP of Group Policy Objects"
 

Set colItems = rsopProv.ExecQuery("Select * from RSOP_GPO")
 

For Each objItem in colItems  
 

    WScript.Echo "Name: " & objItem.Name

Next
 

provider.RsopDeleteSession namespaceLocation, hResult

Open in new window

0
Comment
Question by:dutboy
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 4

Expert Comment

by:MeCanHelp
ID: 20420129
Add a line that shell's out the GPUPDATE command on the machine before it grabs the info just to make sure that all policies are up to dat and applied.
0
 
LVL 2

Expert Comment

by:biztopia
ID: 20422287
Try adding credentials to the ConnectServer call.  This link has a code snippet to show how.

http://techtasks.com/code/viewbookcode/553

Cheers
D.
0
 

Author Comment

by:dutboy
ID: 20426326
tried both options unfortunately neither worked !
0
 

Author Comment

by:dutboy
ID: 20426336
Its really an odd issue, as it only appears to work if the id used to run the script has cached credentials on the server.
0
 
LVL 8

Expert Comment

by:deadite
ID: 20426596
Have you tried using GPRESULT?

Here are the parameters:
http://www.microsoft.com/windowsxp/using/setup/expert/gpresults.mspx

Download it here:
http://support.microsoft.com/kb/927229
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 4

Expert Comment

by:MeCanHelp
ID: 20426720
Thanks for repeating my suggestion deadite, I take it you must agree with what I was saying huh?
0
 

Author Comment

by:dutboy
ID: 20427638
As mentioned i had tried the gpudate..  here are the results from grpresult, which provide the same results as the vbs.  maybe I should move this to a windows\os group?  To try to work out why cached credentials are required to return the info (as it wasnt an issue with the code)

I have not physically logged on to this server previously. (but am using an admin id)
C:\>gpresult /s server1 /scope computer
INFO: The user "domain\userid" does not have RSOP data.

I have Physically logged on this server previously. (but am running the code remotely)
C:\>gpresult /s server2 /scope computer

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 07/12/2007 at 14:32:48


RSOP results for domain\userid on Server2 : Logging Mode
-------------------------------------------------------------

OS Type:           Blah          
OS Configuration:  Blah          
OS Version:                  
Domain Name:                
Domain Type:                
Site Name:                  
Roaming Profile:
Local Profile:              
Connected over a slow link?: No


COMPUTER SETTINGS
------------------

    Last time Group Policy was applied: 07/12/2007 at 09:50:03
    Group Policy was applied from:      
    Group Policy slow link threshold:  

    Applied Group Policy Objects
    -----------------------------
        Policy.1
      Policy.2
      Policy.3
      etc
      etc
0
 
LVL 8

Accepted Solution

by:
deadite earned 200 total points
ID: 20427961
MeCanHelp, my last post said "GPRESULT" not "GPUPDATE".

Are you just interested in getting the GPO that apply to the computer and not the user?  If so, I believe I got your answer. When you connect, use winmgmts like this (Note: root\rsop\computer)...

Set objWMIService = GetObject _
    ("winmgmts:\\" & strComputer & "\root\rsop\computer")


Here are a bunch of sample scripts showing how to access this information:
http://www.activexperts.com/activmonitor/windowsmanagement/scripts/grouppolicy/
0
 

Author Closing Comment

by:dutboy
ID: 31413104
Deadite. That worked a treat..  I didnt realise it was also trying to report GPOs linked to the user as well..> which makes sense as to why it failed.  Ive tested the new code and am truly satisifed with the results... (damn that "\computer" addition)
0
 

Author Comment

by:dutboy
ID: 20428152
Sorry , meant to say thanks also :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now