So I am now getting further into the GPM script, and am writing a script that could ultimately become a cmdlet. This one exports a GPO and its associated links. Next week, I’ll post the complementary import script. Everything is hard-coded, but you can see how the script would be parameterised.
———————-
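#############################################################################################################
#
# In an ideal world, this would be a cmdlet called:
# Export-QGPO GPOName [-FilePath] [-DomainName] [-GPMServer] [-GPMPort] [-IncludeLinks] [-PreviousVersion]
#
#############################################################################################################

# Let the GPM initialisation script below run, but only inside this PowerShell process.
# The unscoped form (Set-ExecutionPolicy Unrestricted) rewrites the machine-wide policy,
# needs administrator rights, and leaves script execution unguarded for every user after
# the export has finished. A process-scoped policy disappears when the session ends.
# Requires PowerShell 2.0 or later for -Scope; a policy enforced through Group Policy
# still takes precedence over this setting.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force;

#############################################################################################################
# the next section is all hard coded variables which need to be set to script parameters
#############################################################################################################

# define the GPO name, which is what people will probably know it as -
# this can be an argument to a script later
$gpoName = "VAS Policy";

# location where to put the exported GPOs
# NOTE(review): the path separators appear to have been lost when this listing was
# published (as written this is a drive-relative path) - confirm the intended directory.
# The exported backup and link files describe domain policy, so keep this directory
# readable only by the people who administer Group Policy.
$backupPath = "C:GPMScriptsscratch";

# how far back to go - 1 is the last deployed version
# note: this is changed from previous version which got the live GPO - this is by design
$previousVersionCount = 1;

# Which GPM Server to export from
$GPMHostname = "localhost";

# specify whether links ought to be exported along with the GPO itself
$IncludeLinks = $true;

# the name of the current domain - should be pulled from GPM probably
$CurrentDomain = "quest.local";

#############################################################################################################

# Run the GPM initialisation script against the chosen server. The export loop further
# down uses $VCManager, which is presumably created by this script - confirm.
# NOTE(review): path separators appear to be missing from this literal as well -
# confirm the install path before running.
& 'C:Program FilesQuest SoftwareQuest Group Policy ManagerQGPMInit.ps1' -computerName $GPMHostname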
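# Export the requested deployed version of the GPO named $gpoName (and, optionally, its
# links) from GPM version control into $backupPath.
# Reads:  $gpoName, $backupPath, $previousVersionCount, $IncludeLinks, $CurrentDomain, $VCManager
# Writes: "<name>.zip" and, when $IncludeLinks is set, "<name> Links.xml" in $backupPath
# Requires PowerShell 2.0 or later (try/finally).

# Tracks whether any controlled GPO matched $gpoName.
$foundGPO = $false;

# A GPO display name may contain characters that are invalid in a file name or that act
# as path separators. Build the output file names from a sanitised copy so the export
# always lands directly inside $backupPath. Names without such characters are unchanged.
$safeName = $gpoName;
foreach ($badChar in [System.IO.Path]::GetInvalidFileNameChars())
{
    $safeName = $safeName.Replace([string]$badChar, "_");
}

# loop through all the objects in the data set and find the policy we want
foreach ($currentGPO in $VCManager.GetControlledObjects("GPO") |
    Where-Object { $_.Name -eq $gpoName })
{
    $foundGPO = $true;

    # count the number of deployed versions
    $counter1 = 0;
    $exportSuccess = $false;

    # the array brought back by GetHistory is unsorted, so sort it newest-first
    # and walk back through the 'Deploy' entries
    foreach ($action in $VCManager.GetHistory($currentGPO.VCId) | Sort-Object -Descending Version)
    {
        # pull back only deployed objects, since we need to go 1 back
        # (this should probably be deployed or registered GPOs)
        if ($action.Type -ne "Deploy") { continue; }

        # 1 is really the last deployed version
        $counter1 += 1;
        if ($counter1 -ne $previousVersionCount) { continue; }

        # Retrieve a backup from version control
        $GPOBackup = $VCManager.GetBackup($currentGPO.VCId, $action.BackupId);

        # if we got back something valid, start the export
        if ($null -ne $GPOBackup)
        {
            $zipPath = [System.IO.Path]::Combine($backupPath, $safeName + ".zip");
            [System.IO.File]::WriteAllBytes($zipPath, $GPOBackup.Bytes);

            # export links at the same time as the GPO
            if ($IncludeLinks)
            {
                # get a collection of all GPOLinks
                $currentGPOLinks = $VCManager.GetGpoLinks($CurrentDomain, $currentGPO.Id);
                $linkPath = [System.IO.Path]::Combine($backupPath, $safeName + " Links.xml");

                [System.IO.StreamWriter] $LinkFile = [System.IO.File]::CreateText($linkPath);
                try
                {
                    # NOTE(review): the file is a sequence of <GPOLink> elements with no
                    # single root element, i.e. an XML fragment; the layout is kept as
                    # published so a matching import reads the same structure.
                    foreach ($currentLink in $currentGPOLinks | Sort-Object -Descending LinkOrder)
                    {
                        # Escape every value: a container name holding '&' or '<' would
                        # otherwise produce markup the import cannot parse or misreads.
                        $LinkFile.WriteLine("<GPOLink>");
                        $LinkFile.WriteLine(" <SOMPath>" + [System.Security.SecurityElement]::Escape([string]$currentLink.SOMPath) + "</SOMPath>");
                        $LinkFile.WriteLine(" <LinkOrder>" + [System.Security.SecurityElement]::Escape([string]$currentLink.LinkOrder) + "</LinkOrder>");
                        $LinkFile.WriteLine(" <Enabled>" + [System.Security.SecurityElement]::Escape([string]$currentLink.Enabled) + "</Enabled>");
                        $LinkFile.WriteLine(" <Enforced>" + [System.Security.SecurityElement]::Escape([string]$currentLink.Enforced) + "</Enforced>");
                        $LinkFile.WriteLine("</GPOLink>");
                    }
                }
                finally
                {
                    # release the file handle even if a write fails part-way
                    $LinkFile.Dispose();
                }
            }

            # only report success when a backup was actually written
            $exportSuccess = $true;
        }

        # the requested version has been handled; older history is irrelevant
        break;
    }

    if (-not $exportSuccess)
    {
        Write-Warning ("No backup was exported for GPO '" + $gpoName + "' at deployed version offset " + $previousVersionCount + ".");
    }
}

if (-not $foundGPO)
{
    Write-Warning ("No controlled GPO named '" + $gpoName + "' was found.");
}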