Still plodding through the GPO scripting through Quest Group Policy Manager given all the other things I have going on but I cranked this out last week quickly to meet a quick checklist item. As the comments in the code say, “In an ideal world, this would be a cmdlet called Delete-QGPO. ” The only change you need to make is to change the $useParams value to $true to start using it like a cmdlet and feed it the params specified. As with all things PowerShell, the intent is to call this on 1 object (a GPO) and if you want to use it on a set of objects, get that list, and pipe it in, like so:
import-csv deletelist.csv | % {& Delete-QGPO.ps1 $_.GPOName $_.GPMServer $_.ApprovalRequired}
That is it. Now for all the code . . .
############################################################################################################# # # In an ideal world, this would be a cmdlet called: # Delete-QGPO GPOName [-GPMServer] [-GPMPort] [-ApprovalRequired] # ############################################################################################################# Set-ExecutionPolicy Unrestricted;
############################################################################################################# # the next section is all hard coded variables which need to be set to script parameters ############################################################################################################# $useParams = $false;
if ($useParams)
{
# define the GPO name, which is what people will probably know it as – this can be an argument to a script later
$gpoName = $args[0];
# Which GPM Server to export from $GPMHostname = $args[1];
$GPMPort = $args[2];
$ApprovalRequired = $args[3];
}
else
{
# Which GPM Server to export from
$GPMHostname = "localhost";
$GPMPort = 40200;
# define the GPO name, which is what people will probably know it as – this can be an argument to a script later
$gpoName = "Test Policy";
$ApprovalRequired = "no";
}
#############################################################################################################
& 'C:\Program Files\Quest Software\Quest Group Policy Manager\QGPMInit.ps1' -computerName $GPMHostname
$foundGPO = $false ;
# loop through all the objects in the data set and find the policy we want
foreach($currentGPO in $VCManager.GetControlledObjects("GPO") |
Where-Object {$_.Name -eq $gpoName})
{
$foundGPO = $true;
# count the number of deployed versions
$counter1 = 0;
$DeleteGPO = $false;
# check out the GPO so we can edit it
# you can discard the contents returned since we want a previous version
$VCManager.Delete($currentGPO.VCId, "Deleting GPO - bye bye");
Write-Output "Requesting approval to delete GPO $gpoName";
if ($ApprovalRequired.ToUpper().Substring(0,1) -eq "N")
{
$VCManager.Approve($currentGPO.VCId, "Requesting Approval");
$VCManager.Deploy($currentGPO.VCId, "Deploying (actually deleting) GPO")
Write-Output "GPO $gpoName deleted";
}
}
if ($foundGPO -eq $false)
{
Write-Output "GPO $gpoName not found"
}
Comments on this entry are closed.