[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Script to Search within all GPO's

Posted on 2008-11-07
Medium Priority
Last Modified: 2012-05-05
I'm looking to write a script (probably in VBScript) to perform the following fucntion.

I need to search within/inside the contents of all the GPO's in our domain. The reason for this is we use 100's of GPO's to deploy software via Software Assignment (MSI) and Startup Scripts.
Sometimes more than one policy may reference an MSI stored in a location on our network. To ensure that we can remove unused MSI's I'd like to be able to search on a strong in VBScript (e.g \\server\packages\mysoftware\setup.msi) and for it to return a list of all GPO's that reference this path in some form.

Hope someone can point me in the right direction.

Many Thanks,
Question by:philharle
  • 4
  • 3
LVL 14

Expert Comment

ID: 22909512
When run, the script will ask you for a file name to search for.  You can include the file path but to keep things simple, I suggest just the file name.
The results will populate a log file which will open at the end of the search.

on error resume next
strSearchForMSI   = InputBox("Search GPO object for this file:")
strComputer       = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\rsop\computer")
Set colItems = objWMIService.ExecQuery("Select * from RSOP_ApplicationManagementPolicySetting WHERE PackageLocation LIKE '%" & strSearchForMSI & "%'")
strFile     = "searchlog.txt"
Set objFSO  = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, 2, True)
For Each objItem in colItems  
    objFile.WriteLine "Allow X86 on IA64: " & objItem.AllowX86OnIA64
    objFile.WriteLine "Application ID: " & objItem.ApplicationId
    objFile.WriteLine "Apply Cause: " & objItem.ApplyCause
    objFile.WriteLine "Assignment Type: " & objItem.AssignmentType
    objFile.WriteLine "Categories: " & objItem.Categories
    objFile.WriteLine "Demand Installable: " & objItem.DemandInstallable
    objFile.WriteLine "Deployment Last Modify Time: " & objItem.DeploymentLastModifyTime
    objFile.WriteLine "Deployment Type: " & objItem.DeploymentType
    objFile.WriteLine "Display in Add/Remove Programs: " & objItem.DisplayInARP
    objFile.WriteLine "Eligibility: " & objItem.Eligibility
    objFile.WriteLine "Entry Type: " & objItem.EntryType
    objFile.WriteLine "ID: " & objItem.ID
    objFile.WriteLine "Ignore Language: " & objItem.IgnoreLanguage
    objFile.WriteLine "Installation UI: " & objItem.InstallationUI
    objFile.WriteLine "Language ID: " & objItem.LanguageId
    objFile.WriteLine "Language Match: " & objItem.LanguageMatch
    objFile.WriteLine "Loss of Scope Action: " & objItem.LossOfScopeAction
    For Each strArchitecture in objItem.MachineArchitectures
        objFile.WriteLine "Machine Architecture: " & strArchitecture
    objFile.WriteLine "On-demand CLSID: " & objItem.OnDemandClsid
    objFile.WriteLine "On-demand File Extension: " & objItem.OnDemandFileExtension
    objFile.WriteLine "On-demand ProgID: " & objItem.OnDemandProgId
    objFile.WriteLine "Package Location: " & objItem.PackageLocation
    objFile.WriteLine "Package Type: " & objItem.PackageType
    objFile.WriteLine "Precedence: " & objItem.Precedence
    objFile.WriteLine "Precedence Reason: " & objItem.PrecedenceReason
    objFile.WriteLine "Product ID: " & objItem.ProductId
    objFile.WriteLine "Publisher: " & objItem.Publisher
    objFile.WriteLine "Redeploy Count: " & objItem.RedeployCount
    objFile.WriteLine "Removal Cause: " & objItem.RemovalCause
    objFile.WriteLine "Removal Type: " & objItem.RemovalType
    objFile.WriteLine "Removing Application: " & objItem.RemovingApplication
    objFile.WriteLine "Replaceable Applications: " & objItem.ReplaceableApplications
    objFile.WriteLine "Script File: " & objItem.ScriptFile
    objFile.WriteLine "Support URL: " & objItem.SupportURL
    objFile.WriteLine "Transforms: " & objItem.Transforms
    objFile.WriteLine "Uninstall Unmanaged: " & objItem.UninstallUnmanaged
    objFile.WriteLine "Upgradeable Applications: " & objItem.UpgradeableApplications
    objFile.WriteLine "Upgrade Settings Mandatory: " & objItem.UpgradeSettingsMandatory
    objFile.WriteLine "Version Number (High): " & objItem.VersionNumberHi
    objFile.WriteLine "Version Number (Low): " & objItem.VersionNumberLo
Set objShell = WScript.CreateObject( "WScript.Shell" )

Open in new window


Author Comment

ID: 22919907
Thanks for the reply. I wonder if you'd be able to answer a couple of questions?

Looking a the above script it seems to run a RSOP on the current machine, which effectvley would only search within the GPO's which are applied to the client computer which the script is executed on. Is this the case, and if so is it possible to ammend it so that it searches within all GPO's in a domain (or possibly even better to just search all GPO's assigned to a particular OU)?

Also owing to limitations in re-packaging a number of out applications, many of them are deployed via startup script rather than a software deployment MSI. Is it also possible to extend the script so that it searches through the startup scripts section of the GPO in addition to the MSI assigned applications?

LVL 14

Assisted Solution

rejoinder earned 400 total points
ID: 22923253
Rats  after testing the script further, I found as you mentioned, that policies that were in AD and NOT applied to this desktop could not be searched.  Unfortunately, the computer Im testing on has been a member of just about every software policy Ive made so I was able to see most of the policies.  
To look at this in a different way, you could search the \\domaincontroller\sysvol\domain\policies folder for .aas files that contain the file name you are looking for.  Same for the login scripts that assign through the method mentioned above.  They would be in your \\domaincontroller\sysvol\domain\scripts folder and could be searched using your regular windows search function.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 22958528
Interesting idea, but after testing it still doesn't provide the full functionality I require. Really in the instance of Startup Scripts I need the full path and filename that is being referenced as we store our scripts outside of the policies folder on a seperate DFS share which also includes the software installation media.
Same goes for the MSI's for which these GPO's will all reference MSI's on \\fileserver\share\softwarename\install.msi for example.
Its the paths of both MSI's and scripts I need.

I wonder if there is a way to write some sort of procedure or filter etc. into the GPMC possibly rather than doing it via VBScript?
LVL 14

Expert Comment

ID: 22963102
I have not tried to filter scripts using the GPMC tool however, I found a script that can send all your GPO's to HTML reports (http://cwashington.netreach.net/depo/view.asp?Index=1117).  When viewing the reports, I can clearly see what GPO is assigned what software policy for installing files because this is the exact same report you get when in the GPO snap-in.  Anyway, there are many variables at this point to clearly point you in the right direction.  By this I mean that in each GPO you could point to none or more scripts.  Within each script you could point to additional scripts or to msi and exe files.  There is a possibility that each script is coded in a slightly different manner and finding file paths could  prove difficult to impossible without manually checking each script.

To help eliminate some of the variables, can you post a sample startup script and or install script and roughly where that script resides on your network?  If all the scripts being used are all identical (or comparible), then a better solution might come out of this.

Accepted Solution

philharle earned 0 total points
ID: 23631711
I managed to find two solutions that worked:

As far as assigned MSI's go, this does the trick

and for the startup scripts they were listed in scripts.ini located at \sysvol\Policies

LVL 14

Expert Comment

ID: 23634358
I've not seen that one before.  Thank you for posting the URL.

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Script to copy or move mouse-selected collection of files plus targets referenced by shortcuts (.lnk) The purpose of this article is to help illuminate the real challenges and options available (where they may exist) for utilizing simple scriptin…
When you see single cell contains number and text, and you have to get any date out of it seems like cracking our heads.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Loops Section Overview
Suggested Courses
Course of the Month19 days, 19 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question