Searching a GPO for a specific setting with Powershell

Searching a GPO for a specific setting with PowerShell is a pretty simple task, and it's really handy when you need to go through a ton of policies, or several domains in the forest. The script I'll propose below is very basic and only requires you to input the domain and the string you want to search for.

Prerequisites

  • You need enough permission to read all GPOs in the domain. Searching a domain where you can only see some of the GPOs is of limited use, as the setting you're after might live in a GPO your rights don't let you read. Perhaps that is good enough for you.
  • You must have the Group Policy Management feature installed. It provides the GroupPolicy PowerShell module, which is where Get-GPO and Get-GPOReport come from.
    • Windows Client
      • Turn Windows features on or off >> Remote Server Administration Tools >> Feature Administration Tools >> Group Policy Management Tools.
    • Windows Server
      • Enable the Group Policy Management feature.
  • The script also calls Get-ADDomainController, which comes from the ActiveDirectory module (the "Active Directory Domain Services and Lightweight Directory Services Tools" in RSAT on a client, the RSAT-AD-PowerShell feature on Windows Server), so make sure that is installed too.

This is not a prerequisite, but I strongly suggest running this from a machine as close as possible to a Domain Controller. In a large environment it will take a long time to run over a slow link, because every GPO report is pulled from the DC.
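The prerequisites above can be checked and installed from PowerShell rather than through the GUI. The snippet below is an added example and not part of the original post: it looks for the two modules the script depends on and installs the matching RSAT piece if one is missing. It assumes an elevated session, Windows 10/11 1809 or later on the client side (where RSAT is a Feature on Demand) and Install-WindowsFeature on the server side; the capability names with the ~~~~0.0.1.0 suffix are the ones on current builds and are listed as an assumption here, so check Get-WindowsCapability -Online -Name 'Rsat.*' if they differ on your image.

```powershell
# Added example (not from the original post): make sure the GroupPolicy and
# ActiveDirectory modules used by the search script are available, and install
# the RSAT component that provides each one if it is missing.
# Assumptions: elevated session; Windows 10/11 1809+ or Windows Server;
# capability names below are as seen on current builds (verify with
# Get-WindowsCapability -Online -Name 'Rsat.*' if they differ on your image).

$needed = @{
    GroupPolicy     = @{ Capability = 'Rsat.GroupPolicy.Management.Tools~~~~0.0.1.0'; Feature = 'GPMC' }
    ActiveDirectory = @{ Capability = 'Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0'; Feature = 'RSAT-AD-PowerShell' }
}

# ProductType 1 = workstation, 2 = domain controller, 3 = member server
$isServer = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType -ne 1

foreach ($module in $needed.Keys) {
    if (Get-Module -ListAvailable -Name $module) {
        Write-Host "$module module already available"
        continue
    }
    if ($isServer) {
        # Server: RSAT pieces are Windows features (ServerManager module)
        Install-WindowsFeature -Name $needed[$module].Feature | Out-Null
    } else {
        # Client: RSAT pieces are Features on Demand (needs internet or a FoD source)
        Add-WindowsCapability -Online -Name $needed[$module].Capability | Out-Null
    }
    if (-not (Get-Module -ListAvailable -Name $module)) {
        throw "Could not install the $module module; install the RSAT tools manually."
    }
    Write-Host "$module module installed"
}

# Smoke test: the three cmdlets the search script relies on should now resolve
Get-Command Get-GPO, Get-GPOReport, Get-ADDomainController | Select-Object Name, Source
```

Run it once on the machine you intend to search from; if the last line errors on any of the three cmdlets, the search script will fail at the same point.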

Searching a GPO for a specific setting with PowerShell – The script.

In the example below, I'm searching for "Windows Defender Firewall" in the domain itdroplets.com.

$String = "Windows Defender Firewall"
$Domain = "itdroplets.com"

#Get-GPO and Get-GPOReport come from the GroupPolicy module, Get-ADDomainController from ActiveDirectory
Import-Module GroupPolicy, ActiveDirectory -ErrorAction Stop

#Find the closest DC for the target domain. Without -DomainName, -Discover looks in the local machine's
#domain, which is not necessarily $Domain. HostName (the FQDN) is safer than Name when crossing domains.
$NearestDC = "$((Get-ADDomainController -Discover -DomainName $Domain -NextClosestSite).HostName)"

#Get a list of GPOs from the domain
$GPOs = Get-GPO -All -Domain $Domain -Server $NearestDC | Sort-Object DisplayName

#Go through each Object and check its XML against $String
Foreach ($GPO in $GPOs)  {

  Write-Host "Working on $($GPO.DisplayName)"

  #Get Current GPO Report (XML)
  $CurrentGPOReport = Get-GPOReport -Guid $GPO.Id -ReportType Xml -Domain $Domain -Server $NearestDC

  #-match takes a regular expression, so escape $String to search for it literally.
  #The comparison is case-insensitive and runs against the whole report, not just the settings.
  If ($CurrentGPOReport -match [regex]::Escape($String))  {
    Write-Host "A Group Policy matching ""$($String)"" has been found:" -Foregroundcolor Green
    Write-Host "-  GPO Name: $($GPO.DisplayName)" -Foregroundcolor Green
    Write-Host "-  GPO Id: $($GPO.Id)" -Foregroundcolor Green
    Write-Host "-  GPO Status: $($GPO.GpoStatus)" -Foregroundcolor Green
  }

}

Here’s an example of what happens when the script finds what you’re looking for:

[Screenshot: Search-GPO-for-Specific-String-Powershell_Example]

If you want to use this on your own, modify the first two lines by adding the domain and the string you want to look for.

Script Review

After the first two variables to be input by the user, the script tries to find the nearest Domain Controller from the machine it is being executed on. This is extremely handy to avoid talking to a Domain Controller over a slower network link.
It then gets a list of all GPOs in the domain and sorts them by their DisplayName. This is important as the script then goes through them all alphabetically, so you can see them in the same order they're displayed in the GUI without going crazy.
For each GPO found, the script gets its XML report and finally tries to match the string you're looking for. Note that the match is a regular-expression, case-insensitive comparison against the entire report, so it will also hit the GPO name, comments and link paths, not only the settings. If the string is found, the script writes, in green, that the GPO has been found and returns more info such as the GPO ID and its Status.
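A plain -match tells you that a GPO contains the string, but not where. The function below is an added example, not code from the original post: it does the same walk over Get-GPO and Get-GPOReport, but parses each XML report and reports the element path and value of every match, so you can tell whether the hit is in the Computer or User side, in the GPO name, or in a link path. It emits objects instead of Write-Host lines, escapes the search string unless you ask for a regex, discovers the DC for the target domain rather than the local one, and warns (instead of dying) on GPOs it cannot read, which is the permissions case from the prerequisites. The path format (/GPO/Computer/...) follows the Get-GPOReport XML schema, whose root element is GPO with Computer and User children; the function name Find-GpoSetting and the helper Get-XmlTextMatch are my own.

```powershell
# Added example (not from the original post): search every GPO in a domain and
# report *where* in the XML report the string matches.
# Assumptions: GroupPolicy and ActiveDirectory modules installed; the account can
# read the GPOs; report paths follow the Get-GPOReport XML layout (/GPO/Computer, /GPO/User).
function Find-GpoSetting {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $Pattern,
        [switch] $Regex           # treat $Pattern as a regex instead of a literal string
    )
    Import-Module GroupPolicy, ActiveDirectory -ErrorAction Stop

    # -match is regex-based, so escape the pattern unless the caller wants a regex
    $re = if ($Regex) { $Pattern } else { [regex]::Escape($Pattern) }

    # Discover the closest DC for the target domain, not for the local machine's domain
    $dc = Get-ADDomainController -Discover -DomainName $Domain -NextClosestSite
    $server = "$($dc.HostName)"
    Write-Verbose "Using DC $server for domain $Domain"

    foreach ($gpo in Get-GPO -All -Domain $Domain -Server $server | Sort-Object DisplayName) {
        Write-Verbose "Working on $($gpo.DisplayName)"
        try {
            [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml -Domain $Domain -Server $server -ErrorAction Stop
        } catch {
            # Usually a permissions problem: the GPO is listed but its report cannot be read
            Write-Warning "Cannot read report for '$($gpo.DisplayName)': $($_.Exception.Message)"
            continue
        }
        Get-XmlTextMatch -Node $report.DocumentElement -Regex $re -Path '' | ForEach-Object {
            $scope = if ($_.Path -match '^/GPO/(Computer|User)/') { $Matches[1] } else { 'GPO' }
            [pscustomobject]@{
                GpoName   = $gpo.DisplayName
                GpoId     = $gpo.Id
                GpoStatus = $gpo.GpoStatus
                Scope     = $scope      # Computer, User, or GPO for metadata (name, links, ...)
                Path      = $_.Path
                Value     = $_.Value
            }
        }
    }
}

# Recursively walk an XmlNode and emit every attribute or text value matching $Regex,
# together with a slash-separated path of element local names leading to it.
function Get-XmlTextMatch {
    param([System.Xml.XmlNode] $Node, [string] $Regex, [string] $Path)
    $here = $Path
    if ($Node.NodeType -eq [System.Xml.XmlNodeType]::Element) {
        $here = "$Path/$($Node.LocalName)"
        foreach ($attr in $Node.Attributes) {
            if ($attr.Value -match $Regex) {
                [pscustomobject]@{ Path = "$here/@$($attr.LocalName)"; Value = $attr.Value }
            }
        }
    }
    elseif ($Node.NodeType -in @([System.Xml.XmlNodeType]::Text, [System.Xml.XmlNodeType]::CDATA)) {
        if ($Node.Value -match $Regex) {
            [pscustomobject]@{ Path = $here; Value = $Node.Value.Trim() }
        }
    }
    foreach ($child in $Node.ChildNodes) {
        Get-XmlTextMatch -Node $child -Regex $Regex -Path $here
    }
}

# Usage with the domain and string from the post; the output is objects, so filter or export freely
Find-GpoSetting -Domain 'itdroplets.com' -Pattern 'Windows Defender Firewall' -Verbose |
    Format-Table GpoName, Scope, Path, Value -AutoSize
```

Because the output is objects, you can pipe it to Export-Csv for a forest-wide review, or filter with Where-Object Scope -eq 'Computer' to ignore hits that are only in a GPO's name or link path.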

IT Droplets