Request:
In our environment, we did not have the WSUS setup, hence I
got request from my team to setup the GPO and Link to the domain Level.
But later on I received many complaints from patching team
that many servers are not reported to the WSUS console.
Then I got few computer accounts names and generated the
GPRESULT, then found that WSUS was disabled on few computers located in
different OUs and similarly, few GPOs are having WSUS configuration enabled
with different WSUS server names configured.
So, this made me thinking about there are some WSUS GPOs are
configured earlier which was not known to me. Hence I had searched in the
internet and found the below Microsoft Scripts which is mostly unknown to many
admins.
Solution:
Below method is what I have used to find out the WSUS
configured on multiple GPOs… Based on the result, I had discussed with my team
and came into conclusion whether to keep old ones or discard those settings…
Searching GPOs for
specific settings:
1)
Download the GPMC Sample Scripts from
Microsoft website
Notes about using the scripts:
2)
Install the sample script in your member
servers or RSAT installed system.
3)
Open CMD and move to the script location.
4)
For example : C:\Program Files
(x86)\Microsoft Group Policy\GPMC Sample Scripts
5)
Run GetReportsForAllGPOs.wsf c:\reports
/domain:test.pr
6)
Check the c:\reports location for html and
xml files.
7)
Move or delete the xml files
8)
Search the folder contains the html file for
specific GPO settings. Do not forgot to include the "file contents" in your
search.
Note: In this example, I am checking for screensaver timeout settings configured in the multiple GPOs.
9)
Now it finds
the GPO which contains screensaver timeout settings html file.
Reference articles:
Excellent Article, keep up the good work.
ReplyDelete