Select Page

Group Policy Objects (GPOs) can contain many different kinds of settings. Much of that data is simple registry data. Finding registry settings in GPOs and handling them is not the simplest of tasks and requires some PowerShell. Microsoft has provided some cmdlets for the management of Group Policy and at SDM Software we have provided quite a bit more to enable additional scenarios that cannot be achieved out of the box.

Here is an example of using Microsoft’s native Group Policy cmdlets to find registry settings in a GPO. This example looks at the Registry.pol file in the GPO which contains settings from Administrative Templates as well as other settings that write to the registry.pol file.

In this video I will go through finding managed Administrative Template settings in the GP Editor, through a free tool called registry.pol viewer and through a PowerShell Function I created borrowing the core functionality from GPOGuy’s ADMXtoDSC script.

I’m adding the function that I created to go through the GPO and find all settings in registry.pol file. You can easily add capabilities to find all GP Preference Registry Settings as well. You will need to know a bit about how these functions work but watch the video to see a walk-through of this information. It is a bit long but I think you’ll find it useful.


# This function retrieves settings it does not make changes to GPOs.

function Recurse-PolicyKeys{
 [CmdletBinding()]
 param(
   [Parameter(Mandatory=$true)]
   [string]$GPOName,

   [Parameter(Mandatory=$true)]
   [string]$Key
 )
 $current = Get-GPRegistryValue -Name $gpoName -Key $key
 foreach ($item in $current){
   if ($item.ValueName -ne $null){
   [array]$returnVal += $item 
 }
   else{
     Recurse-PolicyKeys -Key $item.fullkeypath -gpoName $gpoName
   }
 }
 return $returnVal
}

Check-out the video. Enjoy!