• S.Ergül

How to Check GPO That Applied to Clients via SCCM

Hi Folks, As you know sometimes we need to check a gpo that is applied to client or not ? There is not too much application to find an answer for that until today. Today, we will use Configuration manager to find a gpo which client applied which client is not. Let's start.


  1. First of all we need gpo's name but it must same as on GPO managemen console.On my example ı used windows firewall settings


2. Then we run a powershell which is creates a cab files that contains configuration baseline that will be added to configuration manager. Then it outputs baseline items to the folder where script was running and these baseline itens include all details about gpo.(ıf you get any error on this step, please check Gpo's name is the same on GPO management console)

Powershell File.

Convert-GPOtoCI.ps1 -GpoTarget "Windows Firewall" -DomainTarget contoso.com -SiteCode T01 -ExportOnly

3. Then we adde these baseline item to configuration manager. Open Configuration manager then go to Asset and Compliance \ Compliance Settings and right click then select Import Configuration Data.

Then add relate cab file and click next. we successfully added baseline to configuration manager.


4. Now, we will create a configuration baseline which include our cab file. Go to Configuration Baselines then right click and select Create Configuration Baseline.


Then write Name of it then click Add select Configuration Item then click OK.

6. After all steps done, we will deploy this baseline to our test collection after couple of times we will see clients will return as compliant if all related fields on the gpo is the same as on clients side. if ti is not it will return as non-comliant.


Source - https://github.com/SamMRoberts/Convert-GPOtoCI



459 görüntüleme0 yorum

Son Paylaşımlar

Hepsini Gör