Question

How to query endpoints for GPO or their registry settings and build a list

  • 22 June 2022
  • 1 reply
  • 69 views

Badge

Hello,

 

We are looking to query endpoints to see if they have certain GPO’s applied and want to build a list of who has or doesn't have the two GPO’s.

The evaluation code in the below worklet looks like it can identify the GPO’s by the registry setting.

https://support.automox.com/help/enforce-windows-registry-settings-worklet

 Any idea’s or help in accomplishing the remainder of our use-case would be appreciated.


1 reply

Hello!

 

You can wrap the gpresult /r /scope:computer command into a Worklet’s remediation code to achieve this.

 

In your worklet, set the Evaluation code to an Exit 1 so that it immediately triggers the Remediation code:

Exit 1

 

 

In the Remediation code, use the following code:

$cmdCommand = 'C:\Windows\System32\gpresult.exe'

$Call = (& $cmdCommand '/r' '/scope:computer')

Write-Output $Call

 

This will invoke gpresult.exe with the /r and /scope:computer switches and output the results to the Log Summary of Automox Activity Log.

 

Optional: You can export the Activity Log results to a CSV and filter through to see which devices have inherited which GPOs.

 

Have a great day!

Reply