Script to Search within all GPO's

I'm looking to write a script (probably in VBScript) to perform the following fucntion.

I need to search within/inside the contents of all the GPO's in our domain. The reason for this is we use 100's of GPO's to deploy software via Software Assignment (MSI) and Startup Scripts.
Sometimes more than one policy may reference an MSI stored in a location on our network. To ensure that we can remove unused MSI's I'd like to be able to search on a strong in VBScript (e.g \\server\packages\mysoftware\setup.msi) and for it to return a list of all GPO's that reference this path in some form.

Hope someone can point me in the right direction.

Many Thanks,
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

When run, the script will ask you for a file name to search for.  You can include the file path but to keep things simple, I suggest just the file name.
The results will populate a log file which will open at the end of the search.

on error resume next
strSearchForMSI   = InputBox("Search GPO object for this file:")
strComputer       = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\rsop\computer")
Set colItems = objWMIService.ExecQuery("Select * from RSOP_ApplicationManagementPolicySetting WHERE PackageLocation LIKE '%" & strSearchForMSI & "%'")
strFile     = "searchlog.txt"
Set objFSO  = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, 2, True)
For Each objItem in colItems  
    objFile.WriteLine "Allow X86 on IA64: " & objItem.AllowX86OnIA64
    objFile.WriteLine "Application ID: " & objItem.ApplicationId
    objFile.WriteLine "Apply Cause: " & objItem.ApplyCause
    objFile.WriteLine "Assignment Type: " & objItem.AssignmentType
    objFile.WriteLine "Categories: " & objItem.Categories
    objFile.WriteLine "Demand Installable: " & objItem.DemandInstallable
    objFile.WriteLine "Deployment Last Modify Time: " & objItem.DeploymentLastModifyTime
    objFile.WriteLine "Deployment Type: " & objItem.DeploymentType
    objFile.WriteLine "Display in Add/Remove Programs: " & objItem.DisplayInARP
    objFile.WriteLine "Eligibility: " & objItem.Eligibility
    objFile.WriteLine "Entry Type: " & objItem.EntryType
    objFile.WriteLine "ID: " & objItem.ID
    objFile.WriteLine "Ignore Language: " & objItem.IgnoreLanguage
    objFile.WriteLine "Installation UI: " & objItem.InstallationUI
    objFile.WriteLine "Language ID: " & objItem.LanguageId
    objFile.WriteLine "Language Match: " & objItem.LanguageMatch
    objFile.WriteLine "Loss of Scope Action: " & objItem.LossOfScopeAction
    For Each strArchitecture in objItem.MachineArchitectures
        objFile.WriteLine "Machine Architecture: " & strArchitecture
    objFile.WriteLine "On-demand CLSID: " & objItem.OnDemandClsid
    objFile.WriteLine "On-demand File Extension: " & objItem.OnDemandFileExtension
    objFile.WriteLine "On-demand ProgID: " & objItem.OnDemandProgId
    objFile.WriteLine "Package Location: " & objItem.PackageLocation
    objFile.WriteLine "Package Type: " & objItem.PackageType
    objFile.WriteLine "Precedence: " & objItem.Precedence
    objFile.WriteLine "Precedence Reason: " & objItem.PrecedenceReason
    objFile.WriteLine "Product ID: " & objItem.ProductId
    objFile.WriteLine "Publisher: " & objItem.Publisher
    objFile.WriteLine "Redeploy Count: " & objItem.RedeployCount
    objFile.WriteLine "Removal Cause: " & objItem.RemovalCause
    objFile.WriteLine "Removal Type: " & objItem.RemovalType
    objFile.WriteLine "Removing Application: " & objItem.RemovingApplication
    objFile.WriteLine "Replaceable Applications: " & objItem.ReplaceableApplications
    objFile.WriteLine "Script File: " & objItem.ScriptFile
    objFile.WriteLine "Support URL: " & objItem.SupportURL
    objFile.WriteLine "Transforms: " & objItem.Transforms
    objFile.WriteLine "Uninstall Unmanaged: " & objItem.UninstallUnmanaged
    objFile.WriteLine "Upgradeable Applications: " & objItem.UpgradeableApplications
    objFile.WriteLine "Upgrade Settings Mandatory: " & objItem.UpgradeSettingsMandatory
    objFile.WriteLine "Version Number (High): " & objItem.VersionNumberHi
    objFile.WriteLine "Version Number (Low): " & objItem.VersionNumberLo
Set objShell = WScript.CreateObject( "WScript.Shell" )

Open in new window

philharleAuthor Commented:
Thanks for the reply. I wonder if you'd be able to answer a couple of questions?

Looking a the above script it seems to run a RSOP on the current machine, which effectvley would only search within the GPO's which are applied to the client computer which the script is executed on. Is this the case, and if so is it possible to ammend it so that it searches within all GPO's in a domain (or possibly even better to just search all GPO's assigned to a particular OU)?

Also owing to limitations in re-packaging a number of out applications, many of them are deployed via startup script rather than a software deployment MSI. Is it also possible to extend the script so that it searches through the startup scripts section of the GPO in addition to the MSI assigned applications?

Rats  after testing the script further, I found as you mentioned, that policies that were in AD and NOT applied to this desktop could not be searched.  Unfortunately, the computer Im testing on has been a member of just about every software policy Ive made so I was able to see most of the policies.  
To look at this in a different way, you could search the \\domaincontroller\sysvol\domain\policies folder for .aas files that contain the file name you are looking for.  Same for the login scripts that assign through the method mentioned above.  They would be in your \\domaincontroller\sysvol\domain\scripts folder and could be searched using your regular windows search function.
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

philharleAuthor Commented:
Interesting idea, but after testing it still doesn't provide the full functionality I require. Really in the instance of Startup Scripts I need the full path and filename that is being referenced as we store our scripts outside of the policies folder on a seperate DFS share which also includes the software installation media.
Same goes for the MSI's for which these GPO's will all reference MSI's on \\fileserver\share\softwarename\install.msi for example.
Its the paths of both MSI's and scripts I need.

I wonder if there is a way to write some sort of procedure or filter etc. into the GPMC possibly rather than doing it via VBScript?
I have not tried to filter scripts using the GPMC tool however, I found a script that can send all your GPO's to HTML reports (  When viewing the reports, I can clearly see what GPO is assigned what software policy for installing files because this is the exact same report you get when in the GPO snap-in.  Anyway, there are many variables at this point to clearly point you in the right direction.  By this I mean that in each GPO you could point to none or more scripts.  Within each script you could point to additional scripts or to msi and exe files.  There is a possibility that each script is coded in a slightly different manner and finding file paths could  prove difficult to impossible without manually checking each script.

To help eliminate some of the variables, can you post a sample startup script and or install script and roughly where that script resides on your network?  If all the scripts being used are all identical (or comparible), then a better solution might come out of this.
philharleAuthor Commented:
I managed to find two solutions that worked:

As far as assigned MSI's go, this does the trick

and for the startup scripts they were listed in scripts.ini located at \sysvol\Policies


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I've not seen that one before.  Thank you for posting the URL.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VB Script

From novice to tech pro — start learning today.