powershell script

I don't know any. but I'll share one with you:

Get-WinEvent -ProviderName 'Microsoft-Windows-grouppolicy' |where{ $_.leveldisplayname -ne "information"}

Select allOpen in new window

This will look for the Microsoft/Windows/GroupPolicy log (called operational (ws2012r2).
Will find anything doesn't match "information" at the log level. (warnings and errors).

Source: https://social.technet.microsoft.com/Forums/windows/en-US/0a9683ab-096f-4a29-a51a-fa685514e9f7/geteventlog-accessing-applications-ans-servies-logs?forum=winserverpowershell

Hi AA,

This command will generate a CSV file that you can open in Excel showing all the Group Policy events over the last 30 days:

Get-WinEvent -FilterHashTable @{LogName='Microsoft-Windows-GroupPolicy/Operational'; StartTime=(Get-Date).AddDays(-30)} | Export-CSV C:\Temp\ZZ_WinEvents.csv -NoTypeInformation

Select allOpen in new window

If you want to cover a shorter or longer period (limited to how far back your logs go), then change the 30 to whatever duration you want.

Change the destination file path and name as required.


Alan.

Hi Alan
I am getting this error:

Get-WinEvent : No events were found that match the specified selection criteria.
At line:1 char:1
+ Get-WinEvent -FilterHashTable @{LogName='Microsoft-Windows-GroupPolic ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [Get-WinEvent], Exception
    + FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand

Hi Jose,
I can only see the failed group policy. I also need successful applied policy. and I need this to run again all the devices in AD environment. can you please tell me how its done.

thanks!

try it like this:

Get-WinEvent -ProviderName 'Microsoft-Windows-grouppolicy' 

Select allOpen in new window

you'd get a bunch of informational events, but I don't see them as successful, it was seen as informational.

Now I can see both. Can I see what group policy applied to the machine? and how do I get this to run against all the machines in Active Directory.

****Get all computers using network or IP****
$allcomputers

Check here how to run the script against a whole C-class network. It pings the whole network once and get the script run in those who answered. The logic is here:
https://gallery.technet.microsoft.com/scriptcenter/Process-Killer-for-local-836f5b46

foreach($computer in $computers){
    Get-WinEvent -ProviderName 'Microsoft-Windows-grouppolicy'  -Computername $computer
}

Select allOpen in new window

Hi,

I'm inferring that the last command works for you, so to run that one against all computers, try this script:

Import-Module ActiveDirectory

$Computers = Get-ADComputer -Filter *

ForEach($Computer in $Computers){

    Get-WinEvent -ProviderName 'Microsoft-Windows-GroupPolicy'  -ComputerName $Computer
}

Select allOpen in new window

Alan.

I was able to pull the info from my machine but its not running against all Devices in AD.

I am getting this error:

Get-WinEvent : The RPC server is unavailable
At line:14 char:5
+     Get-WinEvent -ProviderName 'Microsoft-Windows-GroupPolicy'  -Comp ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WinEvent], EventLogException
    + FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogException,Microsoft.PowerShell.Commands.GetWinEventCommand
 
Get-WinEvent : The RPC server is unavailable
At line:14 char:5
+     Get-WinEvent -ProviderName 'Microsoft-Windows-GroupPolicy'  -Comp ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WinEvent], EventLogException
    + FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogException,Microsoft.PowerShell.Commands.GetWinEventCommand
 
Get-WinEvent : The RPC server is unavailable
At line:14 char:5
+     Get-WinEvent -ProviderName 'Microsoft-Windows-GroupPolicy'  -Comp ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WinEvent], EventLogException
    + FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogException,Microsoft.PowerShell.Commands.GetWinEventCommand

Odd - I would have expected the error to identify which machines had errors (the RPC service not running).

Maybe run against a smaller subset (half each time for example) and try to work out one machine that is having the problem, and then examine it in more detail.

Alan.

sure let me try that.

no luck with the script. Please help.

Okay - did you manage to narrow it down to any single machine with the error and run it against that machine only?

What happened?  Was the error the same?

Thanks,

Alan.

Get-WinEvent : The RPC server is unavailable
At line:5 char:5
+     Get-WinEvent -ProviderName 'Microsoft-Windows-GroupPolicy'  -Comp ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WinEvent], EventLogException
    + FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogException,Microsoft.PowerShell.Commands.GetWinEventCommand

even this script also give me the same error:

foreach($computer in $computers.name){
    Get-WinEvent -ProviderName 'Microsoft-Windows-grouppolicy'  -Computername $computer
}

But it works on most (or at least some) other machines fine?

If so, there must be a difference in how the machines are configured.

Are you able to check both a problem machine and one that is working, and see if the RPC services are running?

If using PowerShell:

Get-Service -ComputerName MachineNameFailing -Name *RPC*

Get-Service -ComputerName MachineNameWorking -Name *RPC*

Select allOpen in new window

Thanks,

Alan.

PS C:\WINDOWS\system32>
PS C:\WINDOWS\system32> Get-Service -ComputerName MachineNameFailing -Name *RPC*
Get-Service : Cannot open Service Control Manager on computer 'MachineNameFailing'. This operation might require oth
privileges.
At line:1 char:1
+ Get-Service -ComputerName MachineNameFailing -Name *RPC*
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-Service], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetServiceCommand

PS C:\WINDOWS\system32>
PS C:\WINDOWS\system32> Get-Service -ComputerName MachineNameWorking -Name *RPC*
Get-Service : Cannot open Service Control Manager on computer 'MachineNameWorking'. This operation might require oth
privileges.
At line:1 char:1
+ Get-Service -ComputerName MachineNameWorking -Name *RPC*
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-Service], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetServiceCommand

is there any script that I can use in sccm to grab this information?

can I run this using sccm against all the devices?
Get-WinEvent -ProviderName 'Microsoft-Windows-grouppolicy'

Get-Service -ComputerName MachineNameFailing -Name  "NAmeOfThe Service" 

Select allOpen in new window

you can't use *NAME* there, to filter you can use the where statement.

Get-Service -ComputerName MachineNameFailing | where{ $_.Name -match "NAME"} 

Select allOpen in new window

See the NO "*NAME*" you can use a regular expression there if you want.

I have a list of computers in computers.csv. I am only getting report back for my machine. Am I missing anything in this?

$computers=Import-CSV ".\computers.csv"

Foreach ($computer in $computers){
  $computer
Get-WinEvent -ProviderName 'Microsoft-Windows-grouppolicy' | export-csv .\output.txt
}

even if I put the computer name, it doesn't give the report from those computers. it only pulls the report for local machine.

this is the result for the script.


PS C:\>
$computers=Import-CSV ".\computers.csv"
Foreach ($computer in $computers){
   Get-WinEvent -ProviderName 'Microsoft-Windows-grouppolicy'  -ComputerName $computer | export-csv -notypeinformation  ".\$computer.txt"
}

Get-WinEvent : The RPC server is unavailable
At line:4 char:4
+    Get-WinEvent -ProviderName 'Microsoft-Windows-grouppolicy'  -Compu ...
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WinEvent], EventLogException
    + FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogException,Microsoft.PowerShell.Commands.GetWi
   nEventCommand
 
Get-WinEvent : The RPC server is unavailable
At line:4 char:4
+    Get-WinEvent -ProviderName 'Microsoft-Windows-grouppolicy'  -Compu ...
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WinEvent], EventLogException
    + FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogException,Microsoft.PowerShell.Commands.GetWi
   nEventCommand
 
Get-WinEvent : The RPC server is unavailable
At line:4 char:4
+    Get-WinEvent -ProviderName 'Microsoft-Windows-grouppolicy'  -Compu ...
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WinEvent], EventLogException
    + FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogException,Microsoft.PowerShell.Commands.GetWi
   nEventCommand

Well, the error is related to RPC, not to the script itself. That's another post,
Here's the light to that one: https://www.netwrix.com/kb/1291

I have checked those three services running on the machine I am testing this script on. confirmed the IP address, and enabled two local policies. Still the same error.

The issue is with the RPC not with the script buddy. Troubleshooting the RPC should be another question.
This question started with one question and it has lead to several things that aren't related to the original question.
So do a correct use of the page and post 1 matter on each question.

Appears to be the best solution.