Properly secure and document group policies
It’s been some time since I started working on the first basic version of the script in August 2014, and posted about it on CONET’s blog. This first version came to just 6 lines of code without the header. Since then a lot has happened and the script has grown in the TechNet Gallery. Time for a new article about the script and its function.
In the current version 1.55, we already have a good 170 lines without the header. What has been added since then? Mainly functions that were requested from me, or problems I had in environments with the script. Since the simple version could do almost nothing, except the basics, here is a list of functions:
- Cleanup of older backups (older than x days)
- Filtering out unsupported characters during backup
- Saving the backup in subdirectories with a timestamp
- Create a human-readable HTML report to any GPO
- Creating entries in the event log (with admin rights)
- Runs without administrative permissions even in the context of a normal user (caution, GPO that the user cannot read will not be saved)
- Creates log files and a CSV final report
- PowerShell version 3 or later
- Group Policy Management is installed locally (Because of the PowerShell module)
- Group policy preferences, e.g. IE 10, depending on the system the script is running on. These settings are saved, but may not be present in the HTML report if the system cannot display them. I can’t change that either, the interfaces are not working anymore.
And what else can the script be used for besides backups?
Some of my customers also use it to monitor changes to the GPO. There the script runs as a scheduled task on a domain controller once a day. So the customer can check changes to the group policies over the period of time used there. Very useful for error analysis, especially if there is more than one administrator.
How do you get the current version? The current version is 1.55 and can be downloaded from the TechNet Gallery. If you like the script, I’m looking forward to a review in the Gallery. If you have any wishes or suggestions, please let me know.
Note about program and Power Shell Code
This article first appeared on Infrastrukturhelden.de in German.