Solved

using VB to return what ou and what gpos are applied, indifferent results any ideas ?

Posted on 2007-12-06
10
1,429 Views
Last Modified: 2010-04-21
Hi I am using some vbs code to return the OU and applied GPOs of a server. Sometimes it returns the info and other times its blank.

I have discovered that if i have logged onto the server previously, the code works, IF its a server i have not logged onto (at the console or via TS) The code fails.  

I am running the code remotely, using a full administrator id.   Any help would be greatly appreciated.



Const FL_FORCE_CREATE_NAMESPACE = 4

On Error Resume Next

strComputer = "myserver"
 

'what OU am I in ?

WScript.Echo "*********************************************************** "

WScript.Echo " What OU ? "

Set wDate = CreateObject("WbemScripting.SWbemDateTime")

Set locator = CreateObject("WbemScripting.SWbemLocator")

Set connection = locator.ConnectServer( strComputer, "root\rsop", null, null, null, null, 0, null)

Set provider = connection.Get("RsopLoggingModeProvider")

provider.RsopCreateSession FL_FORCE_CREATE_NAMESPACE, Null, namespaceLocation, hResult, eInfo
 

WScript.Echo "RSOP Computer Session Information"
 

Set rsopProv = locator.ConnectServer _

    (strComputer, namespaceLocation & "\Computer", null, null, Null, Null, 0 , Null)
 

Set colItems = rsopProv.ExecQuery("Select * from RSOP_Session",,48)
 

For Each objItem in colItems
 

    	wDate.Value  = objItem.creationTime

    	

    	WScript.Echo "OU Location: " & objItem.SOM
 

Next
 

provider.RsopDeleteSession namespaceLocation, hResult

'=============================================================================

'what GPOs are applied

WScript.Echo "*********************************************************** "

WScript.Echo " GPOs applied to this Server are "

Set locator = CreateObject("WbemScripting.SWbemLocator")

Set connection = locator.ConnectServer( strComputer, "root\rsop", null, null, null, null, 0, null)

Set provider = connection.Get("RsopLoggingModeProvider")

provider.RsopCreateSession FL_FORCE_CREATE_NAMESPACE, Null, namespaceLocation, hResult, eInfo
 

Set rsopProv = locator.ConnectServer _

    (strComputer, namespaceLocation & "\Computer", null, null, Null, Null, 0 , Null)
 

WScript.Echo "Computer RSOP of Group Policy Objects"
 

Set colItems = rsopProv.ExecQuery("Select * from RSOP_GPO")
 

For Each objItem in colItems  
 

    WScript.Echo "Name: " & objItem.Name

Next
 

provider.RsopDeleteSession namespaceLocation, hResult

Open in new window

0
Comment
Question by:dutboy
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 4

Expert Comment

by:MeCanHelp
ID: 20420129
Add a line that shell's out the GPUPDATE command on the machine before it grabs the info just to make sure that all policies are up to dat and applied.
0
 
LVL 2

Expert Comment

by:biztopia
ID: 20422287
Try adding credentials to the ConnectServer call.  This link has a code snippet to show how.

http://techtasks.com/code/viewbookcode/553

Cheers
D.
0
 

Author Comment

by:dutboy
ID: 20426326
tried both options unfortunately neither worked !
0
 

Author Comment

by:dutboy
ID: 20426336
Its really an odd issue, as it only appears to work if the id used to run the script has cached credentials on the server.
0
 
LVL 8

Expert Comment

by:deadite
ID: 20426596
Have you tried using GPRESULT?

Here are the parameters:
http://www.microsoft.com/windowsxp/using/setup/expert/gpresults.mspx

Download it here:
http://support.microsoft.com/kb/927229
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 4

Expert Comment

by:MeCanHelp
ID: 20426720
Thanks for repeating my suggestion deadite, I take it you must agree with what I was saying huh?
0
 

Author Comment

by:dutboy
ID: 20427638
As mentioned i had tried the gpudate..  here are the results from grpresult, which provide the same results as the vbs.  maybe I should move this to a windows\os group?  To try to work out why cached credentials are required to return the info (as it wasnt an issue with the code)

I have not physically logged on to this server previously. (but am using an admin id)
C:\>gpresult /s server1 /scope computer
INFO: The user "domain\userid" does not have RSOP data.

I have Physically logged on this server previously. (but am running the code remotely)
C:\>gpresult /s server2 /scope computer

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 07/12/2007 at 14:32:48


RSOP results for domain\userid on Server2 : Logging Mode
-------------------------------------------------------------

OS Type:           Blah          
OS Configuration:  Blah          
OS Version:                  
Domain Name:                
Domain Type:                
Site Name:                  
Roaming Profile:
Local Profile:              
Connected over a slow link?: No


COMPUTER SETTINGS
------------------

    Last time Group Policy was applied: 07/12/2007 at 09:50:03
    Group Policy was applied from:      
    Group Policy slow link threshold:  

    Applied Group Policy Objects
    -----------------------------
        Policy.1
      Policy.2
      Policy.3
      etc
      etc
0
 
LVL 8

Accepted Solution

by:
deadite earned 200 total points
ID: 20427961
MeCanHelp, my last post said "GPRESULT" not "GPUPDATE".

Are you just interested in getting the GPO that apply to the computer and not the user?  If so, I believe I got your answer. When you connect, use winmgmts like this (Note: root\rsop\computer)...

Set objWMIService = GetObject _
    ("winmgmts:\\" & strComputer & "\root\rsop\computer")


Here are a bunch of sample scripts showing how to access this information:
http://www.activexperts.com/activmonitor/windowsmanagement/scripts/grouppolicy/
0
 

Author Closing Comment

by:dutboy
ID: 31413104
Deadite. That worked a treat..  I didnt realise it was also trying to report GPOs linked to the user as well..> which makes sense as to why it failed.  Ive tested the new code and am truly satisifed with the results... (damn that "\computer" addition)
0
 

Author Comment

by:dutboy
ID: 20428152
Sorry , meant to say thanks also :)
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Script to copy or move mouse-selected collection of files plus targets referenced by shortcuts (.lnk) The purpose of this article is to help illuminate the real challenges and options available (where they may exist) for utilizing simple scriptin…
Welcome back!  My apologies for taking so long to write part two of this series; it's been a long time coming!  As I promised in Part 1, this article will focus on how to locate those elusive AD properties that you are searching for.  Why is this us…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now