> the enviorment i work in is all win2k pro/server so GPMC is out. Are you saying you don't even have a single WinXP box in this environment?
If you have one, you could still install GPMC on the XP client - this will work fine against a win2k AD. Then execute the "GetReportsForAllGPOs.wsf" script that comes with GPMC (typically in the "C:\Program Files\GPMC\Scripts" folder). This will dump all settings of all GPOs in a domain including the links where the GPOs are applied. /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Mittwoch, 10. August 2005 19:26 To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] 2 quick favors Ok, I think i'm finding it impossible to create a VBScript or use a tool to enumerate all the settings which are enabled in all or a specific gpo in a win2k domain from a win2k workstation. am i correct? On 8/10/05, Tom Kern <[EMAIL PROTECTED]> wrote: > I get errors with this script- "the active directory property cannot > be found in the cache" > > I'm running win2k native mode domain. > > thanks. sorry to bother. > > On 8/10/05, Alain Lissoir <[EMAIL PROTECTED]> wrote: > > For 1/, try this one below. For 2/ I don't have one close but I'm sure some > > folks here can feed you ... > > > > The script doesn't dump in a text file, but that's an easy addition. HTH > > > > ' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir > > ' > > ' WSH Script browsing the 'DefaultNamingContext' and the > > 'configurationNamingContext' > > ' to retrieve the Group Policies linked to AD objects. > > ' This should facilitate the search of created policies in the Active > > Directory. > > ' > > ' The script is using a basic LDAP access in the current user context, > > ' so, you should have enough rights to access AD objects. > > ' > > ' Change in version 1.04 > > ' > > ' - Add an error Handler in the "ShowMemberInfo" Private Sub > > ' > > ' Change in version 1.02 > > ' > > ' - Query the schema to get the property list associated to the > > 'groupPolicyContainer' class. > > ' - Display only the defined properties for that class. > > ' - For the defined properties, the scripts shows the syntax to be used by > > the property. > > ' - Take in account the fact that more than one policy can be defined at the > > container level. > > ' > > ' Change in version 1.01 > > ' > > ' - Add some code to bind to the GPLink LDAP Pointer to extract some > > properties. > > ' > > ' Any comments or questions: EMail:[EMAIL PROTECTED] > > > > Option Explicit > > > > Dim ObjRoot > > Dim Object > > Dim ObjMember > > > > ' > > ------------------------------------------------------------------------ ---- > > ------- > > WScript.Echo > > WScript.Echo "Looking inside 'configurationNamingContext'" > > Set objRoot = GetObject("LDAP://RootDSE") > > Object = objRoot.Get("configurationNamingContext") > > > > Call LookInsideObject (Object) > > > > Set Object = Nothing > > Set objRoot = Nothing > > > > ' > > ------------------------------------------------------------------------ ---- > > ------- > > WScript.Echo > > WScript.Echo "Looking inside 'DefaultNamingContext'" > > Set objRoot = GetObject("LDAP://RootDSE") > > Object = objRoot.Get("DefaultNamingContext") > > > > Call LookInsideObject (Object) > > > > Set Object = Nothing > > Set objRoot = Nothing > > > > WScript.Quit (0) > > > > ' > > ------------------------------------------------------------------------ ---- > > ------- > > Private Sub LookInsideObject (Object) > > > > Dim objMember > > Dim Member > > > > Set objMember = GetObject ("LDAP://" & Object) > > > > if objMember.Class <> "sitesContainer" And _ > > objMember.Class <> "container" And _ > > objMember.Class <> "configuration" _ > > Then Call ShowMemberInfo (objMember) > > > > For Each Member in objMember > > If Member.Class = "domainDNS" Or _ > > Member.Class = "organizationalUnit" Or _ > > Member.Class = "sitesContainer" Or _ > > Member.Class = "site" Or _ > > Member.Class = "container" _ > > Then Call LookInsideObject (Member.Name & "," & Object) > > Next > > > > Set objMember = Nothing > > > > End Sub > > > > ' > > ------------------------------------------------------------------------ ---- > > ------- > > Private Sub ShowMemberInfo (Object) > > > > Dim longStartPolicyPath > > Dim longEndPolicyPath > > Dim strPolicyPathSource > > Dim strPolicyPath > > > > Dim objPolicy > > Dim objPolicyClassDef > > Dim objPolicyProperty > > > > Dim strPropertyName > > > > Object.GetInfo > > > > If Object.GPLink = "" Then > > WScript.Echo Object.Name & " (" & Object.Class & ")" > > WScript.Echo "(No Group Policy Defined)" > > WScript.Echo > > End If > > > > strPolicyPathSource = Object.GPLink > > > > While (strPolicyPathSource <> "") > > > > WScript.Echo Object.Name & " (" & Object.Class & ")" > > > > ' Extract each LDAP pointer from the GPLink. > > longStartPolicyPath = InStr(1, strPolicyPathSource, "[", > > vbTextCompare) > > longEndPolicyPath = InStr(1, strPolicyPathSource, "]", vbTextCompare) > > strPolicyPath = Mid(strPolicyPathSource, longStartPolicyPath + 1, > > longEndPolicyPath - 4) > > strPolicyPathSource = Mid(strPolicyPathSource, longEndPolicyPath + 1) > > > > Set objPolicy = GetObject(strPolicyPath) > > > > objPolicy.GetInfo > > > > WScript.Echo "Found an existing Policy: '" & > > objPolicy.Get("displayName") & "' (" & objPolicy.Class & ")" > > WScript.Echo " GPLink=" & strPolicyPath > > > > Set objPolicyClassDef = GetObject (objPolicy.Schema) > > > > On error Goto ErrorHandler > > > > For Each strPropertyName In objPolicyClassDef.MandatoryProperties > > Set objPolicyProperty = GetObject (objPolicyClassDef.Parent > > + "/" + strPropertyName) > > WScript.Echo " " & strPropertyName & "=" & > > objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")" > > Set objPolicyProperty = Nothing > > Next > > > > For Each strPropertyName In objPolicyClassDef.OptionalProperties > > Set objPolicyProperty = GetObject (objPolicyClassDef.Parent > > + "/" + strPropertyName) > > WScript.Echo " " & strPropertyName & "=" & > > objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")" > > Set objPolicyProperty = Nothing > > Next > > > > Set objPolicyClassDef = Nothing > > > > Set objPolicy = Nothing > > > > WScript.Echo > > > > Wend > > > > Exit Sub > > > > ErrorHandler: > > > > WScript.Echo Err.Description & "(" & Err.Number & ")" > > Resume Next > > > > End Sub > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern > > Sent: Wednesday, August 10, 2005 6:19 AM > > To: activedirectory > > Subject: [ActiveDir] 2 quick favors > > > > Does anyone know of a tool to enumerate all GPO's in a domain listing all > > the specific settings enabled that i can spit out to text file. > > the enviorment i work in is all win2k pro/server so GPMC is out. > > Also, gpotool doesn't seem to show specific links and what settings are > > enabled. > > > > Second question is, does anyone have a script that can enumerate all the > > local accounts and groups on domain memeber servers and workstations? > > > > Thanks a lot. > > I apologize for being so needy. > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/