
jemfernandez
Copper Contributor
Jun 28, 2023
Solved

Policy Analyzer - Compare all settings

Is there a way on the Policy Analyzer to include comparison for all 3000+ GPO settings?

  • LeonPavesic
    Silver Contributor

    jemfernandez

    Here's an example script that demonstrates how you can accomplish this:

    ```powershell
    # Define the names of the GPOs to compare
    $referenceGPO = "ReferenceGPO"
    $backupGPO = "BackupGPO"

    # Get the policies from the reference GPO
    $referencePolicies = Get-GPO -Name $referenceGPO | Get-GPOReport -ReportType Xml | Select-Xml -XPath "//GPO/ComputerConfiguration/Settings/*"

    # Get the policies from the backup GPO
    $backupPolicies = Get-GPO -Name $backupGPO | Get-GPOReport -ReportType Xml | Select-Xml -XPath "//GPO/ComputerConfiguration/Settings/*"

    # Compare the policies
    $addedPolicies = Compare-Object -ReferenceObject $referencePolicies -DifferenceObject $backupPolicies -Property Name -PassThru | Where-Object { $_.SideIndicator -eq "=>" }
    $removedPolicies = Compare-Object -ReferenceObject $referencePolicies -DifferenceObject $backupPolicies -Property Name -PassThru | Where-Object { $_.SideIndicator -eq "<=" }

    # Display the added policies
    Write-Host "Added Policies:"
    $addedPolicies | ForEach-Object { Write-Host $_.Name }

    # Display the removed policies
    Write-Host "Removed Policies:"
    $removedPolicies | ForEach-Object { Write-Host $_.Name }
    ```


    In this script, you need to replace "ReferenceGPO" and "BackupGPO" with the actual names of the GPOs you want to compare. The script retrieves the policies of each GPO using `Get-GPO` and `Get-GPOReport` cmdlets. Then, it compares the policies using `Compare-Object` and filters the added and removed policies based on the `SideIndicator` property.

    The added policies are displayed first, followed by the removed policies. You can modify the script to suit your specific requirements, such as comparing user configuration policies or exporting the results to a file.


    Note: The script compares the policies at the computer configuration level. If you want to compare user configuration policies, you can modify the XPath expression to "//GPO/UserConfiguration/Settings/*".

     

    • AaronMargosis_Tanium
      Iron Contributor
      That will perform a very simplistic comparison of the GPOs. Policy Analyzer understands the contents of GPOs to a much deeper level than what Compare-Object can do.
    • jemfernandez
      Copper Contributor
      Hi LeonPavesic
      Thank you for sharing the script. This is very much appreciated.

      Get-GPOReport will only show applied policy settings. I would like to have all policies around 3000+ (including applied and not applied) to be displayed. Is it possible?

      Thank you in advance.
      • AaronMargosis_Tanium
        Iron Contributor
        Policy Analyzer analyzes GPO backups, so a setting needs to be configured in one or more GPOs for it to show in a comparison.
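
A comparison along the lines discussed in the thread, as an added example that is not code from any poster or from Policy Analyzer: it reads two Group Policy report XML documents through a namespace manager and reports differences in setting state, not only in setting name. The sample reports are constructed, simplified XML, and the function names `New-SampleReport`, `Get-ConfiguredPolicy` and `Compare-GpoSetting` are hypothetical.

```powershell
# Constructed sample data: simplified XML in the layout of a Get-GPOReport -ReportType Xml report.
$ns  = 'http://www.microsoft.com/GroupPolicy/Settings'
$reg = 'http://www.microsoft.com/GroupPolicy/Settings/Registry'

function New-SampleReport([string]$Name, [hashtable]$Policies) {
    $items = foreach ($p in $Policies.GetEnumerator()) {
        "<q1:Policy><q1:Name>$($p.Key)</q1:Name><q1:State>$($p.Value)</q1:State></q1:Policy>"
    }
    [xml]("<GPO xmlns='$ns'><Name>$Name</Name><Computer><ExtensionData>" +
          "<Extension xmlns:q1='$reg'>$($items -join '')</Extension></ExtensionData></Computer></GPO>")
}

# Return name -> state for the registry (administrative template) policies in a report.
# Only settings configured in the GPO are present in the report at all.
function Get-ConfiguredPolicy([xml]$Report, [string]$Side = 'Computer') {
    # The report declares a default namespace, so unprefixed XPath steps match nothing.
    $nsm = [System.Xml.XmlNamespaceManager]::new($Report.NameTable)
    $nsm.AddNamespace('g', $ns)
    $nsm.AddNamespace('r', $reg)
    $map = @{}
    foreach ($node in $Report.SelectNodes("/g:GPO/g:$Side//r:Policy", $nsm)) {
        $name = $node.SelectSingleNode('r:Name', $nsm).InnerText
        $map[$name] = $node.SelectSingleNode('r:State', $nsm).InnerText
    }
    $map
}

# Report settings whose state differs, treating a missing setting as "Not configured".
function Compare-GpoSetting([hashtable]$Reference, [hashtable]$Difference) {
    $names = @($Reference.Keys) + @($Difference.Keys) | Sort-Object -Unique
    foreach ($name in $names) {
        $a = if ($Reference.ContainsKey($name))  { $Reference[$name] }  else { 'Not configured' }
        $b = if ($Difference.ContainsKey($name)) { $Difference[$name] } else { 'Not configured' }
        if ($a -ne $b) {
            [pscustomobject]@{ Setting = $name; Reference = $a; Difference = $b }
        }
    }
}

$ref = Get-ConfiguredPolicy (New-SampleReport 'ReferenceGPO' @{
    'Turn off Autoplay' = 'Enabled'; 'Turn off multicast name resolution' = 'Enabled' })
$dif = Get-ConfiguredPolicy (New-SampleReport 'BackupGPO' @{
    'Turn off Autoplay' = 'Disabled'; 'Prevent enabling lock screen camera' = 'Enabled' })
Compare-GpoSetting $ref $dif | Format-Table -AutoSize
```

With the sample data, "Turn off Autoplay" is listed because its state changed from Enabled to Disabled, which a name-only comparison would not report. Against real GPOs, pass `[xml](Get-GPOReport -Name 'ReferenceGPO' -ReportType Xml)` in place of the sample report; settings configured in neither GPO still do not appear.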
