Solved

Check GPOs ACL Ensure it Has Authenticated Users - Read

Posted on 2016-08-10
Last Modified: 2016-08-23
Hi, I am running the following to check and ensure all GPOs in our domain have authenticated users with read access and export it to a CSV. I am getting false results. Can someone please shed some light? Thank you!

Function Test-GPOAuthenticatedUsers {
    #Load GPO module
    Import-Module GroupPolicy

    #Get all GPOs in the specified domain
    $GPOs = Get-GPO -domain child.domain.com -all

    #Check we have GPOs
    if ($GPOs) {
        #Loop through GPOs
        foreach ($GPO in $GPOs) {
            #Nullify $AuthUser
            $AuthUser = $null

            #See if we have an Auth Users perm
            $AuthUser = Get-GPPermissions -Guid $GPO.Id -TargetName “Authenticated Users” -TargetType Group -ErrorAction SilentlyContinue

            #Alert if we don’t have an ‘Authenticated Users’ permission
            if (-not $AuthUser) {
                $Status = ‘Missing Authenticated Users Permission’
            } #end of if (-not $AuthUser)
            else {
                #Alert on a custom permission
                if ($AuthUser.Permission -eq “GpoCustom”) {
                    $Status = ‘Custom Authenticated Users Permission’
                } #end of if ($AuthUser.Permission -eq “GpoCustom”)
                else {
                    $Status = $true
                }
            } #end of else
            #Emit one result row per GPO
            [pscustomobject]@{‘DisplayName’=$GPO.DisplayName;’ID’=$GPO.ID;’Status’=$Status}
        } #end of foreach ($GPO in $GPOs)
    } #end of if ($GPOs)
}

Test-GPOAuthenticatedUsers | Export-Csv -path c:\temp\gpoauthusersissues.csv -NoTypeInformation
0
Question by:IT_Admin XXXX
LVL 39

Expert Comment

by:footech
ID: 41750933
Besides the use of "pretty" quotes (double and single), I don't see anything wrong.

Can you describe further your incorrect results?
0
 

Author Comment

by:IT_Admin XXXX
ID: 41751004
I just get inaccurate results when I call the other domains (not the domain that I'm logged into)
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 41751025
Try adding the -domain parameter to the Get-GPPermissions command.
1
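
Added example (not part of the thread and not the asker's or footech's code): a variant of the question's function that passes the domain to both cmdlets, as the accepted solution suggests. When the domain is omitted, Get-GPPermissions looks the GUID up in the domain of the user running the session, and the original `-ErrorAction SilentlyContinue` turns that failed lookup into a "Missing" row. Assumptions added here: the `-Domain` function parameter, reading the full ACL with `-All`, matching the well-known SID S-1-5-11 instead of the display name, and the separate "Lookup failed" status.

```powershell
# Added example. child.domain.com is the sample domain from the question.
function Test-GPOAuthenticatedUsers {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Domain
    )

    Import-Module GroupPolicy -ErrorAction Stop

    # Permission levels that include read access for the trustee
    $readLevels = 'GpoRead', 'GpoApply', 'GpoEdit', 'GpoEditDeleteModifySecurity'

    foreach ($gpo in Get-GPO -All -Domain $Domain) {
        try {
            # -All returns every ACL entry, so an error here means the lookup
            # itself failed (wrong domain, no access), not a missing trustee.
            $acl = Get-GPPermissions -Guid $gpo.Id -All -DomainName $Domain -ErrorAction Stop

            # S-1-5-11 is the well-known SID of Authenticated Users
            $authUser = $acl | Where-Object { $_.Trustee.Sid.Value -eq 'S-1-5-11' }

            if (-not $authUser) {
                $status = 'Missing Authenticated Users Permission'
            } elseif ($authUser.Permission -eq 'GpoCustom') {
                $status = 'Custom Authenticated Users Permission'
            } elseif ($readLevels -contains "$($authUser.Permission)") {
                $status = 'OK'
            } else {
                $status = "Unexpected permission: $($authUser.Permission)"
            }
        }
        catch {
            # Keep lookup failures visible instead of reporting them as missing
            $status = "Lookup failed: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            DisplayName = $gpo.DisplayName
            ID          = $gpo.Id
            Domain      = $Domain
            Status      = $status
        }
    }
}

Test-GPOAuthenticatedUsers -Domain 'child.domain.com' |
    Export-Csv -Path C:\temp\gpoauthusersissues.csv -NoTypeInformation
```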
 
LVL 7

Expert Comment

by:Senior IT System Engineer
ID: 41754527
Hi IT_Admin XXXX,

Does your script above do something to the registry, or does it just report and get some information and then dump it to .CSV?
0
 
LVL 39

Expert Comment

by:footech
ID: 41755072
It doesn't change anything, just grabs info.
1
 
LVL 7

Expert Comment

by:Senior IT System Engineer
ID: 41766490
@Footech: Thanks for the clarification.

Hi @IT_Admin XXXX,

So did you apply the Authenticated Users - Read permission manually for all the GPOs in the script result after applying the patch below?

Security Update for Windows Server 2012 R2 (KB3159398)
More information: http://support.microsoft.com/kb/3159398

Or after applying the patch?
0

Question has a verified solution.