Script to Search within all GPO's

Posted on 2008-11-07
Last Modified: 2012-05-05
I'm looking to write a script (probably in VBScript) to perform the following fucntion.

I need to search within/inside the contents of all the GPO's in our domain. The reason for this is we use 100's of GPO's to deploy software via Software Assignment (MSI) and Startup Scripts.
Sometimes more than one policy may reference an MSI stored in a location on our network. To ensure that we can remove unused MSI's I'd like to be able to search on a strong in VBScript (e.g \\server\packages\mysoftware\setup.msi) and for it to return a list of all GPO's that reference this path in some form.

Hope someone can point me in the right direction.

Many Thanks,
Question by:philharle
    LVL 14

    Expert Comment

    When run, the script will ask you for a file name to search for.  You can include the file path but to keep things simple, I suggest just the file name.
    The results will populate a log file which will open at the end of the search.

    on error resume next
    strSearchForMSI   = InputBox("Search GPO object for this file:")
    strComputer       = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\rsop\computer")
    Set colItems = objWMIService.ExecQuery("Select * from RSOP_ApplicationManagementPolicySetting WHERE PackageLocation LIKE '%" & strSearchForMSI & "%'")
    strFile     = "searchlog.txt"
    Set objFSO  = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(strFile, 2, True)
    For Each objItem in colItems  
        objFile.WriteLine "Allow X86 on IA64: " & objItem.AllowX86OnIA64
        objFile.WriteLine "Application ID: " & objItem.ApplicationId
        objFile.WriteLine "Apply Cause: " & objItem.ApplyCause
        objFile.WriteLine "Assignment Type: " & objItem.AssignmentType
        objFile.WriteLine "Categories: " & objItem.Categories
        objFile.WriteLine "Demand Installable: " & objItem.DemandInstallable
        objFile.WriteLine "Deployment Last Modify Time: " & objItem.DeploymentLastModifyTime
        objFile.WriteLine "Deployment Type: " & objItem.DeploymentType
        objFile.WriteLine "Display in Add/Remove Programs: " & objItem.DisplayInARP
        objFile.WriteLine "Eligibility: " & objItem.Eligibility
        objFile.WriteLine "Entry Type: " & objItem.EntryType
        objFile.WriteLine "ID: " & objItem.ID
        objFile.WriteLine "Ignore Language: " & objItem.IgnoreLanguage
        objFile.WriteLine "Installation UI: " & objItem.InstallationUI
        objFile.WriteLine "Language ID: " & objItem.LanguageId
        objFile.WriteLine "Language Match: " & objItem.LanguageMatch
        objFile.WriteLine "Loss of Scope Action: " & objItem.LossOfScopeAction
        For Each strArchitecture in objItem.MachineArchitectures
            objFile.WriteLine "Machine Architecture: " & strArchitecture
        objFile.WriteLine "On-demand CLSID: " & objItem.OnDemandClsid
        objFile.WriteLine "On-demand File Extension: " & objItem.OnDemandFileExtension
        objFile.WriteLine "On-demand ProgID: " & objItem.OnDemandProgId
        objFile.WriteLine "Package Location: " & objItem.PackageLocation
        objFile.WriteLine "Package Type: " & objItem.PackageType
        objFile.WriteLine "Precedence: " & objItem.Precedence
        objFile.WriteLine "Precedence Reason: " & objItem.PrecedenceReason
        objFile.WriteLine "Product ID: " & objItem.ProductId
        objFile.WriteLine "Publisher: " & objItem.Publisher
        objFile.WriteLine "Redeploy Count: " & objItem.RedeployCount
        objFile.WriteLine "Removal Cause: " & objItem.RemovalCause
        objFile.WriteLine "Removal Type: " & objItem.RemovalType
        objFile.WriteLine "Removing Application: " & objItem.RemovingApplication
        objFile.WriteLine "Replaceable Applications: " & objItem.ReplaceableApplications
        objFile.WriteLine "Script File: " & objItem.ScriptFile
        objFile.WriteLine "Support URL: " & objItem.SupportURL
        objFile.WriteLine "Transforms: " & objItem.Transforms
        objFile.WriteLine "Uninstall Unmanaged: " & objItem.UninstallUnmanaged
        objFile.WriteLine "Upgradeable Applications: " & objItem.UpgradeableApplications
        objFile.WriteLine "Upgrade Settings Mandatory: " & objItem.UpgradeSettingsMandatory
        objFile.WriteLine "Version Number (High): " & objItem.VersionNumberHi
        objFile.WriteLine "Version Number (Low): " & objItem.VersionNumberLo
    Set objShell = WScript.CreateObject( "WScript.Shell" )

    Open in new window


    Author Comment

    Thanks for the reply. I wonder if you'd be able to answer a couple of questions?

    Looking a the above script it seems to run a RSOP on the current machine, which effectvley would only search within the GPO's which are applied to the client computer which the script is executed on. Is this the case, and if so is it possible to ammend it so that it searches within all GPO's in a domain (or possibly even better to just search all GPO's assigned to a particular OU)?

    Also owing to limitations in re-packaging a number of out applications, many of them are deployed via startup script rather than a software deployment MSI. Is it also possible to extend the script so that it searches through the startup scripts section of the GPO in addition to the MSI assigned applications?

    LVL 14

    Assisted Solution

    Rats  after testing the script further, I found as you mentioned, that policies that were in AD and NOT applied to this desktop could not be searched.  Unfortunately, the computer Im testing on has been a member of just about every software policy Ive made so I was able to see most of the policies.  
    To look at this in a different way, you could search the \\domaincontroller\sysvol\domain\policies folder for .aas files that contain the file name you are looking for.  Same for the login scripts that assign through the method mentioned above.  They would be in your \\domaincontroller\sysvol\domain\scripts folder and could be searched using your regular windows search function.

    Author Comment

    Interesting idea, but after testing it still doesn't provide the full functionality I require. Really in the instance of Startup Scripts I need the full path and filename that is being referenced as we store our scripts outside of the policies folder on a seperate DFS share which also includes the software installation media.
    Same goes for the MSI's for which these GPO's will all reference MSI's on \\fileserver\share\softwarename\install.msi for example.
    Its the paths of both MSI's and scripts I need.

    I wonder if there is a way to write some sort of procedure or filter etc. into the GPMC possibly rather than doing it via VBScript?
    LVL 14

    Expert Comment

    I have not tried to filter scripts using the GPMC tool however, I found a script that can send all your GPO's to HTML reports (  When viewing the reports, I can clearly see what GPO is assigned what software policy for installing files because this is the exact same report you get when in the GPO snap-in.  Anyway, there are many variables at this point to clearly point you in the right direction.  By this I mean that in each GPO you could point to none or more scripts.  Within each script you could point to additional scripts or to msi and exe files.  There is a possibility that each script is coded in a slightly different manner and finding file paths could  prove difficult to impossible without manually checking each script.

    To help eliminate some of the variables, can you post a sample startup script and or install script and roughly where that script resides on your network?  If all the scripts being used are all identical (or comparible), then a better solution might come out of this.

    Accepted Solution

    I managed to find two solutions that worked:

    As far as assigned MSI's go, this does the trick

    and for the startup scripts they were listed in scripts.ini located at \sysvol\Policies

    LVL 14

    Expert Comment

    I've not seen that one before.  Thank you for posting the URL.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    This is an addendum to the following article: Acitve Directory based Outlook Signature ( The script is fine, and works in normal client-server domains…
    This is pretty cool.  The purpose of this VB Script is to help you document where JAR (Java ARchive) files and specifically java class files are located so that you can address issues seen with a client or that you can speak intelligently with a dev…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now