  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 64

Check GPOs ACL Ensure it Has Authenticated Users - Read

Hi, I am running the following to check and ensure all GPOs in our domain have authenticated users with read access and export it to a CSV. I am getting false results. Can someone please shed some light? Thank you!

Function Test-GPOAuthenticatedUsers{
    #Load GPO module
    Import-Module GroupPolicy

    #Get all GPOs in the specified domain
    $GPOs = Get-GPO -domain child.domain.com -all

    #Check we have GPOs
    if ($GPOs) {
        #Loop through GPOs
        foreach ($GPO in $GPOs) {
            #Nullify $AuthUser
            $AuthUser = $null

            #See if we have an Auth Users perm
            $AuthUser = Get-GPPermissions -Guid $GPO.Id -TargetName “Authenticated Users” -TargetType Group -ErrorAction SilentlyContinue

            #Alert if we don’t have an ‘Authenticated Users’ permission
            if (-not $AuthUser) {
                $status = ‘Missing Authenticated Users Permission’
            } #end of if (-not $AuthUser)
            else {
                #Alert on a custom permission
                if ($AuthUser.Permission -eq “GpoCustom”) {
                    $Status = ‘Custom Authenticated Users Permission’
                } #end of if ($AuthUser.Permission -eq “GpoCustom”)
                else{
                    $Status = $true
                }
            } #end of else
            #Emit one result row per GPO
            [pscustomobject]@{‘DisplayName’=$GPO.DisplayName;’ID’=$GPO.ID;’Status’=$status}
        } #end of foreach ($GPO in $GPOs)
    } #end of if ($GPOs)
}

Test-GPOAuthenticatedUsers | Export-Csv -path c:\temp\gpoauthusersissues.csv -NoTypeInformation
0
Asked by: IT_Admin XXXX

1 Solution
 
footech Commented:
Besides the use of "pretty" quotes (double and single), I don't see anything wrong.

Can you describe further your incorrect results?
0
 
IT_Admin XXXX (Author) Commented:
I just get inaccurate results when I call the other domains (not the domain that I'm logged into)
0
 
footech Commented:
Try adding the -domain parameter to the Get-GPPermissions command.
1
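
The fix suggested above, as an added example that is not part of the original thread: the same check with one `-Domain` value passed to both `Get-GPO` and `Get-GPPermissions`, so the ACL is read from the domain the GPO was enumerated in rather than from the logged-on user's domain. Going beyond the thread, it assumes a hypothetical `-Domain` function parameter and matches the trustee on the well-known Authenticated Users SID (S-1-5-11) instead of the display name, which also means a failed lookup raises an error instead of being reported as a missing permission.

```powershell
# Added example, not the asker's script. The -Domain function parameter and
# the extra output columns are assumptions made for illustration.
function Test-GPOAuthenticatedUsers {
    [CmdletBinding()]
    param(
        # DNS name of the domain to audit, e.g. child.domain.com
        [Parameter(Mandatory)]
        [string]$Domain
    )

    Import-Module GroupPolicy

    # Well-known SID of Authenticated Users; independent of OS language
    $authUsersSid = 'S-1-5-11'

    foreach ($gpo in Get-GPO -All -Domain $Domain) {
        # Same -Domain as Get-GPO. Without it the cmdlet uses the domain of
        # the user running the session and looks for the GUID there.
        # No -ErrorAction SilentlyContinue: an unreachable domain or an
        # access-denied error must not be mistaken for a missing ACE.
        $ace = Get-GPPermissions -Guid $gpo.Id -All -Domain $Domain |
            Where-Object { $_.Trustee.Sid.Value -eq $authUsersSid }

        if (-not $ace) {
            $status = 'Missing Authenticated Users Permission'
        }
        elseif ($ace.Permission -eq 'GpoCustom') {
            $status = 'Custom Authenticated Users Permission'
        }
        else {
            $status = $true
        }

        [pscustomobject]@{
            Domain      = $Domain
            DisplayName = $gpo.DisplayName
            ID          = $gpo.Id
            Permission  = $ace.Permission -join ','   # empty when no ACE exists
            Status      = $status
        }
    }
}

# Usage, with the domain and path from the question:
# Test-GPOAuthenticatedUsers -Domain child.domain.com |
#     Export-Csv -Path c:\temp\gpoauthusersissues.csv -NoTypeInformation
```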
 
Senior IT System Engineer (IT Professional) Commented:
Hi IT_Admin XXXX,

Does your script above do something to the registry, or does it just report and get some information and then dump it to .CSV?
0
 
footech Commented:
It doesn't change anything, just grabs info.
1
 
Senior IT System Engineer (IT Professional) Commented:
@Footech: Thanks for the clarification.

@Hi IT_Admin XXXX,

So did you apply the Authenticated Users - Read permission manually for all the GPO in the script result the after applying the patch below ?

Security Update for Windows Server 2012 R2 (KB3159398)
More information: http://support.microsoft.com/kb/3159398

Or after applying the patch?
0