search

EvotecIT / GPOZaurr

Group Policy Eater is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them.
864 stars 81 forks source link

Find missing, bad, old ADMX files #22

Open PrzemyslawKlys opened 3 years ago

Karl-WE commented 1 year ago

Hi @PrzemyslawKlys how about having a Script to remove adm files from GPOs Done so lately after a successful session with your awesome tool.

The removal is simple on FS

#Fetch Domain Name with either Resolve-DNSName or Get-ADDomain (latter has a module requirement) 
#how-to to handle multi Domain? 
[string]$DomainameFQDN = 

#Locate Policies folder in sysvol 
[string]$SysvolLocation = 

#Fetch and remove adm templates
[array]$ADMFiles = Get-Childitem *.adm -Files - Recurse | Remove-Item -force - confirm:$false

#ToDo Find a way to remove the from being linked in GPOs 
#as a workaround: log output of path where they were found 

$ADMFiles.Directory | Get-Unique

I hope this isn't a duplicate report or implemented, could not find it. Code snipped may contain errors. Written from the top of my mind how I solved it.

Karl-WE commented 1 year ago

Remote related #41

Karl-WE commented 1 year ago

I would be also thinking about how to find old (outdated ADMX and remove them from from the store) maybe the other project that's updating them could join forces to cleanup old ones.

PrzemyslawKlys commented 1 year ago

For ADM files:

For ADMX cleanup - I started playing with it a while ago, but couldn't decide on the best approach. I have my own idea on ADMX but if someone wants to help - go ahead ;)

PrzemyslawKlys commented 1 year ago

Also for ADM files:

For ADMX:

Karl-WE commented 1 year ago

The legacy files thing is what I searched for. We went through the invoke-GPOzaurr twice but were not able to find the tab.

Could you help Przemek?

PrzemyslawKlys commented 1 year ago

Ye, just run Invoke-GPOZaurr -Type SysVolLegacyFiles. It's not enabled by default. You have to explicitly ask for it. Not all GPO reports are enabled by default. There are also others which are disabled for different reasons.