Get-GphGpHistory.ps1
|
#requires -Version 2.0 function Get-GphGpHistory { <# .SYNOPSIS Retrieve the Group Policy History from the Registry. .DESCRIPTION The Group Policy Clients saves the last Group Policy run in Registry. This Cmdlet retrieves the keys and shows the respective Values .EXAMPLE Get-GPHistory -Scope Machine Shows the History for the Last time Computer-Policies were applied. .NOTES Author: Holger Voges Date: 2018-11-16 Version: 1.0 #> [CmdletBinding()] param( # User returns the User-History, Machine the Machine-History and All both [Parameter(Mandatory=$true)] [ValidateSet('User','Machine')] [String]$Scope, [switch]$detailed ) If ( $detailed ) { $HistoryProperties = 'DisplayName','GPOName','GPOLink','Extensions','Options','Version','Link','DSPath','FileSysPath' } Else { $HistoryProperties = 'DisplayName','GPOLink','Extensions','Options','Version','Link' } $GPHistoryKey = 'Software\Microsoft\Windows\CurrentVersion\Group Policy\History' Switch ( $PSBoundParameters.Item('Scope') ) { User { $GPHistoryPath = Join-Path -Path 'Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER' -ChildPath $GPHistoryKey } Machine { $GPHistoryPath = Join-Path -Path 'Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE' -ChildPath $GPHistoryKey } } $GPEs = Get-ChildItem -Path $GPHistoryPath foreach ( $GPExtension in $GPEs ) { $PolicyList = Get-ChildItem -path $GPExtension.PSPath Foreach ( $policy in ( $PolicyList ) ) { $GpoHistoryProperties = @{} Foreach ( $Property in ( $HistoryProperties )) { Switch ( $property ) { 'lParam' {break} 'Extensions' { $ExtensionList = (( Get-ItemProperty -Path $policy.PSPath -Name $_ ).$_) -split "(\[.+?\])" | Where-Object { $_ } $GpoHistoryProperties[$_] = $ExtensionList -join "`n" ; break } Default { $GpoHistoryProperties[$_] = (( Get-ItemProperty -Path $policy.PSPath -Name $_ ).$_ )} } } New-Object -TypeName PsCustomObject -Property $GpoHistoryProperties } } } |