Usage: deletegpo.wsf GPOName [/KeepLinks] [/Domain:value]
GPOName: Name or GUID of the GPO to delete.
KeepLinks: Deletes the GPO but does not delete the links.
Domain: DNS name of domain.
cscript deletegpo.wsf "New Group Policy Object"
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.
Deleted GPO {305C5727-64AD-4FF1-AD7E-560655C7C39F}
Deleting links for GPO 'New Group Policy Object' in domain 'Fabrikam.com'
No links found.
2. GPO Reporting
Whether
you are auditing the environment or just documenting the GPO
infrastructure, you will want to report on a variety of aspects of the
GPO environment. These scripts allow you to report on individual GPOs,
their settings, and the GPO environment.
2.1 DumpGPOInfo.wsf
This script reports, or dumps, information regarding the specified GPO or GUID and then prints information about that GPO on the screen.
Syntax
Usage: dumpgpoinfo.wsf GPOName [/Domain:value]
GPOName: GPO name or ID.
Domain: DNS name of domain.
Example & Output
This script gathers information about the Default Domain Policy and lists it on the screen.
cscript dumpgpoinfo.wsf "Default Domain Policy"
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.
==============================================
Name: Default Domain Policy
ID: {31B2F340-016D-11D2-945F-00C04FB984F9}
-- Details --
Created: 10/31/2007 9:26:20 PM
Changed: 10/31/2007 9:26:20 PM
Owner: FABRIKAM\Domain Admins
User Enabled: True
Mach Enabled: True
-- Version Numbers --
User DS: 0
User Sysvol: 0
Mach DS: 1
Mach Sysvol: 1
-- Who this GPO applies to --
Authenticated Users
-- Who can edit this GPO --
-- Who can edit settings, modify security and delete this GPO --
SYSTEM
-- Who only has Read access --
ENTERPRISE DOMAIN CONTROLLERS
-- Who has custom permissions --
Domain Admins
Enterprise Admins
-- Where this GPO is linked (Sites,Domain,OU) --
Fabrikam.com (Domain)
2.2 DumpSOMInfo.wsf
This
script takes a specified scope of management (SOM) and outputs policy
information about it. It displays the linked GPOs and the policy
permissions regarding the node in Active Directory about
which you are inquiring. The SOMName can be the domain name, an
organizational unit, or a site. If you also want to show the inherited
GPO links, you can use the ShowInheritedLinks switch.
Syntax
Usage: dumpsominfo.wsf SOMName [/ShowInheritedLinks] [/Domain:value]
SOMName: Name of the SOM to query.
ShowInheritedLinks: Shows inherited GPO links for the SOM.
Domain: DNS name of domain.
Example & Output
This
script focuses on the organizational unit named Servers OU, reporting
on all of the GPOs that are associated with it, including the links
that are inherited from other nodes above it in the Active Directory
structure.
cscript dumpsominfo.wsf "Servers OU" /ShowInheritedLinks
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.
==============================================
Name: Servers OU
Type: Organizational Unit
Path: OU=Servers,DC=Fabrikam,DC=com
-- Inherited GPO Links --
1 Server GPO
2 Default Domain Policy
-- Who can link GPOs to this OU --
Domain Admins
SYSTEM
Enterprise Admins
Administrators
-- Who can generate RSoP logging data for this OU --
Domain Admins
SYSTEM
Enterprise Admins
Administrators
-- Who can generate RSoP planning data for this OU --
Domain Admins
SYSTEM
Enterprise Admins
Administrators
