Solved

using VB to return what ou and what gpos are applied, indifferent results any ideas ?

Posted on 2007-12-06
10
1,459 Views
Last Modified: 2010-04-21
Hi I am using some vbs code to return the OU and applied GPOs of a server. Sometimes it returns the info and other times its blank.

I have discovered that if i have logged onto the server previously, the code works, IF its a server i have not logged onto (at the console or via TS) The code fails.  

I am running the code remotely, using a full administrator id.   Any help would be greatly appreciated.



Const FL_FORCE_CREATE_NAMESPACE = 4
On Error Resume Next
strComputer = "myserver"
 
'what OU am I in ?
WScript.Echo "*********************************************************** "
WScript.Echo " What OU ? "
Set wDate = CreateObject("WbemScripting.SWbemDateTime")
Set locator = CreateObject("WbemScripting.SWbemLocator")
Set connection = locator.ConnectServer( strComputer, "root\rsop", null, null, null, null, 0, null)
Set provider = connection.Get("RsopLoggingModeProvider")
provider.RsopCreateSession FL_FORCE_CREATE_NAMESPACE, Null, namespaceLocation, hResult, eInfo
 
WScript.Echo "RSOP Computer Session Information"
 
Set rsopProv = locator.ConnectServer _
    (strComputer, namespaceLocation & "\Computer", null, null, Null, Null, 0 , Null)
 
Set colItems = rsopProv.ExecQuery("Select * from RSOP_Session",,48)
 
For Each objItem in colItems
 
    	wDate.Value  = objItem.creationTime
    	
    	WScript.Echo "OU Location: " & objItem.SOM
 
Next
 
provider.RsopDeleteSession namespaceLocation, hResult
'=============================================================================
'what GPOs are applied
WScript.Echo "*********************************************************** "
WScript.Echo " GPOs applied to this Server are "
Set locator = CreateObject("WbemScripting.SWbemLocator")
Set connection = locator.ConnectServer( strComputer, "root\rsop", null, null, null, null, 0, null)
Set provider = connection.Get("RsopLoggingModeProvider")
provider.RsopCreateSession FL_FORCE_CREATE_NAMESPACE, Null, namespaceLocation, hResult, eInfo
 
Set rsopProv = locator.ConnectServer _
    (strComputer, namespaceLocation & "\Computer", null, null, Null, Null, 0 , Null)
 
WScript.Echo "Computer RSOP of Group Policy Objects"
 
Set colItems = rsopProv.ExecQuery("Select * from RSOP_GPO")
 
For Each objItem in colItems  
 
    WScript.Echo "Name: " & objItem.Name
Next
 
provider.RsopDeleteSession namespaceLocation, hResult

Open in new window

0
Comment
Question by:dutboy
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 4

Expert Comment

by:MeCanHelp
ID: 20420129
Add a line that shell's out the GPUPDATE command on the machine before it grabs the info just to make sure that all policies are up to dat and applied.
0
 
LVL 2

Expert Comment

by:biztopia
ID: 20422287
Try adding credentials to the ConnectServer call.  This link has a code snippet to show how.

http://techtasks.com/code/viewbookcode/553

Cheers
D.
0
 

Author Comment

by:dutboy
ID: 20426326
tried both options unfortunately neither worked !
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:dutboy
ID: 20426336
Its really an odd issue, as it only appears to work if the id used to run the script has cached credentials on the server.
0
 
LVL 8

Expert Comment

by:deadite
ID: 20426596
Have you tried using GPRESULT?

Here are the parameters:
http://www.microsoft.com/windowsxp/using/setup/expert/gpresults.mspx

Download it here:
http://support.microsoft.com/kb/927229
0
 
LVL 4

Expert Comment

by:MeCanHelp
ID: 20426720
Thanks for repeating my suggestion deadite, I take it you must agree with what I was saying huh?
0
 

Author Comment

by:dutboy
ID: 20427638
As mentioned i had tried the gpudate..  here are the results from grpresult, which provide the same results as the vbs.  maybe I should move this to a windows\os group?  To try to work out why cached credentials are required to return the info (as it wasnt an issue with the code)

I have not physically logged on to this server previously. (but am using an admin id)
C:\>gpresult /s server1 /scope computer
INFO: The user "domain\userid" does not have RSOP data.

I have Physically logged on this server previously. (but am running the code remotely)
C:\>gpresult /s server2 /scope computer

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 07/12/2007 at 14:32:48


RSOP results for domain\userid on Server2 : Logging Mode
-------------------------------------------------------------

OS Type:           Blah          
OS Configuration:  Blah          
OS Version:                  
Domain Name:                
Domain Type:                
Site Name:                  
Roaming Profile:
Local Profile:              
Connected over a slow link?: No


COMPUTER SETTINGS
------------------

    Last time Group Policy was applied: 07/12/2007 at 09:50:03
    Group Policy was applied from:      
    Group Policy slow link threshold:  

    Applied Group Policy Objects
    -----------------------------
        Policy.1
      Policy.2
      Policy.3
      etc
      etc
0
 
LVL 8

Accepted Solution

by:
deadite earned 200 total points
ID: 20427961
MeCanHelp, my last post said "GPRESULT" not "GPUPDATE".

Are you just interested in getting the GPO that apply to the computer and not the user?  If so, I believe I got your answer. When you connect, use winmgmts like this (Note: root\rsop\computer)...

Set objWMIService = GetObject _
    ("winmgmts:\\" & strComputer & "\root\rsop\computer")


Here are a bunch of sample scripts showing how to access this information:
http://www.activexperts.com/activmonitor/windowsmanagement/scripts/grouppolicy/
0
 

Author Closing Comment

by:dutboy
ID: 31413104
Deadite. That worked a treat..  I didnt realise it was also trying to report GPOs linked to the user as well..> which makes sense as to why it failed.  Ive tested the new code and am truly satisifed with the results... (damn that "\computer" addition)
0
 

Author Comment

by:dutboy
ID: 20428152
Sorry , meant to say thanks also :)
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome, welcome!  If you are new to the series and haven't been following along, please take a brief moment to review the first three installments: Part 1 (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/A_266-VBScri…
When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question