Searching a GPO for a specific setting with Powershell

Searching a GPO for a specific setting with Powershell is a pretty simple task to perform and it’s really handy when you need to go through a ton of policies or domains in the forest. The script I’ll propose below is very basic and will only require you to input the Domain and the string you want to be searching.


  • You must be able to have enough permission to access all GPOs in the environment. Searching in a domain where you can only see a part of GPOs is sort of useless as the setting you’re after might not be visible with your rights. Perhaps this is good enough for you.
  • You must have the Group Policy Management feature installed.
    • Windows Client
      • Turn Windows features on or off >> Remote Server Administration Tools >> Feature Administration Tools >>Group Policy Management Tools.
    • Windows Server
      • Enable the Group Policy Management feature.

This is not a prerequisite, but I strongly suggest you to run this from a machine as close as possible to a Domain Controller. In a large environment it’ll take a long time to run, if ran on a slow link.

Searching a GPO for a specific setting with Powershell – The script.

In the example below, I’m searching for “Windows Defender Firewall” for the domain

Here’s an example of what happens when the script finds what you’re looking for:


If you want to use this on your one, modify the first two lines by adding the domain and the string you want to look for.

Script Review

After the first two variables to be input by the user, the script will try to get the nearest Domain Controller from where the its being executed. This is extremely handy to avoid to go to talk to a Domain Controller on a slower network.
It then gets a list of all GPOs in the domain and sort them by their DisplayName. This is important as the script will then go through them all alphabetically and you’ll can see them as they’re displayed in the GUI without going crazy.
For each GPO found, the script will get a report for it and will finally try to match the string you’re looking for. If it’s found, it’ll write down, in green, that the GPO has been found and will return more info such as the GPO ID and its Status.

Read More

Get GoodWe data with Powershell

I recently had a few solar panels installed over the roof of my house and right after that I thought, how can I get GoodWe data with Powershell?

GoodWe is the brand of the inverter installed, which connects to my home wifi and sends data automatically to the GoodWe Portal. The model I have is the GW4200D-NS.

I have to say that I wasn’t happy with the app I was provided with, neither was I happy with the portal, which refreshes theĀ Real Time Data every 15 minutes! What kind of real time is that? However, to be fairly honest, why would you want to see actual Read Time readings? Well, because I want to. šŸ™‚

Before looking for a solution on my own, I always search online, I don’t want to re-invent the wheel, so I found a post where I got the main idea:Ā . This post describes a way of grabbing the data from a non-Windows environment.

Important: I am not (nor is the post above) grabbing the data directly from the inverter, but I am leveraging the GoodWe portal information. An idea I have is to sniff the traffic the inverter sends to goodwe, capture it and re-utilise it, however I’m not too interested in that yet as the solution I have works fine. (more…)

Read More

Replicate all group members from Group A to Group B in Powershell

This is going to be a very quick article that will show you how to simply replicate all members from a group over to another group with the AD powershell module.

There are mainly two different goals:

  1. You want to replicate all group members from Group A to Group B in Powershell, as they are.
  2. You want to replicate allĀ users that are inĀ Group AĀ recursively to Group B.

Case 1

Simple enough, this will grab every member as it is (either a user, a group or any other object) and add it to Group B.

Case 2

The difference between case 1 and 2 isĀ -Recursive. This will grab allĀ members including members of other groups. For instance if Group A had 3 members, 2 user objects and a group called “Group A1” which then contained 3 users, you will see that Group B will contain just the 5 users and not the groups.

Read More

iDRAC 6: Drive Error Either Virtual Media is detached

I was working on one of these old iDRACs and once I added a new ISO, I was not able to mount it because of the error below.

iDRAC 6: Drive Error Either Virtual Media is detached or Virtual Media redirection for the selected virtual disk drive is already in use.

In order to fix this issue, connect to iDRAC with an admin account and go to System > Console/Media, then on Configuration.


Under “Virtual Media” change it to Attach (or Auto Attach if you like).


Apply the changes and you’re good to go!

Read More

Set Permissions for a Print Server with Powershell

You cannot set permissions for a print server with Powershell alone. At least you can’t right now (4th of May 2017). There’s a way though šŸ™‚

I spent a few hours researching this and I noticed I wasn’t the only one that wanted to set up a security group on a Print Server level in a scripted manner, however everybody was stuck with the same issue. Just to be clear, this is what I want to achieve:


My idea is to get a security group to be able to fully manage the print server, without being Server Admins. And I want to achieve this before adding any printer so that permissions will eventually get applied onĀ new printers. In theory this step will help me with automating a print server installation/configuration.


I was losing any hope until I came across a technet forum’s thread where there was a discussion over “setprinter.exe“, a tool contained in the Windows Server 2003 Resource Kit. However the one that comes with it, doesn’t really work. After some more time, I was able to obtain the updated MS version of the tool which you can download from here: SetPrinter.Zip.
Note that I only have the 64bit version of it, so this won’t work on a 32bit system.

I will try and explain how we’re going to use this application before showing you a basic powershell script that will assign the permissions. The cool thing of this tool is that it can work remotely as well.

First of all, we will work with theĀ pSecurityDescriptor. This contains the access type and depending on how we use setprinter.exe, we can grab and/or set the pSecurityDescriptor for the Print Server itself or for one of its printers; the last option would be useless as Powershell nowadays allows you to change printer’s security settingsĀ easily.

So, let’s run the following to get the current pSecurityDescriptor:

Note that right after the print server you need to add a backslash and you need a space and the number 3 right after.

This is what you’ll get (these are the default permissions):


During the process when I was trying to understand this, I added a security group to the permissions of the server (manually, through the GUI) and gave it Full Control (this is the level of permissions I need for the group). After doing that, I re-ran the command above and I got this:

This might seem confusing, but ultimately it’s simple: Anything withinĀ ( ) contains the permissions and the user/group identification and for the group I just added, that’s itsĀ SID!
When I was testing this, I ended up adding an extra group manually (again, Full permissions) and re-ran the setprinter.exe command so that I could compare the 3 outputs and have a better understanding of what was happening.

Eventually I figured out thatĀ in order to assign full permissions to a user or a group, I need to add the following to the pSecurityDescriptor:

Obviously,Ā replace MYSIDHERE with the SID of the User or Group. That wasn’t so bad after all šŸ™‚


Time to have powershell to do some work now! See the script below:

I’ve added a lot of comments to make sure everything is explained. Remember that the AD Powershell module is required for getting the SID (you could use psgetsid if you don’t want to use the AD Module) and also thatĀ you can run this remotely from your own machine as setprinter.exe will be able to grab/apply permissions remotely.

Let’s go quickly through it: (more…)

Read More