Forum Discussion
jemfernandez
Jun 28, 2023Copper Contributor
Powershell Script to compare all 3000+ policies
Hi everyone, Is there a way we can compare 3000+ policies of 2 GPOs (Backup GPO) using PowerShell? Thank you.
LeonPavesic
Silver Contributor
Hi jemfernandez, Here's an example script that demonstrates how you can accomplish this: # Define the names of the GPOs to compare $referenceGPO = "ReferenceGPO" $backupGPO = "BackupGPO" # Get the policies from the reference GPO $referencePolicies = Get-GPO -Name $referenceGPO | Get-GPOReport -ReportType Xml | Select-Xml -XPath "//GPO/ComputerConfiguration/Settings/*" # Get the policies from the backup GPO $backupPolicies = Get-GPO -Name $backupGPO | Get-GPOReport -ReportType Xml | Select-Xml -XPath "//GPO/ComputerConfiguration/Settings/*" # Compare the policies $addedPolicies = Compare-Object -ReferenceObject $referencePolicies -DifferenceObject $backupPolicies -Property Name -PassThru | Where-Object { $_.SideIndicator -eq "=>" } $removedPolicies = Compare-Object -ReferenceObject $referencePolicies -DifferenceObject $backupPolicies -Property Name -PassThru | Where-Object { $_.SideIndicator -eq "<=" } # Display the added policies Write-Host "Added Policies:" $addedPolicies | ForEach-Object { Write-Host $_.Name } # Display the removed policies Write-Host "Removed Policies:" $removedPolicies | ForEach-Object { Write-Host $_.Name } In this script, you need to replace "ReferenceGPO" and "BackupGPO" with the actual names of the GPOs you want to compare. The script retrieves the policies of each GPO using Get-GPO and Get-GPOReport cmdlets. Then, it compares the policies using Compare-Object and filters the added and removed policies based on the SideIndicator property. The added policies are displayed first, followed by the removed policies. You can modify the script to suit your specific requirements, such as comparing user configuration policies or exporting the results to a file. Note: The script compares the policies at the computer configuration level. If you want to compare user configuration policies, you can modify the XPath expression to "//GPO/UserConfiguration/Settings/*". Kindest regards Leon Pavesic
jemfernandez
Jun 28, 2023Copper Contributor
Hi LeonPavesic
Thank you for sharing the script. This is very much appreciated.
Get-GPOReport will only show applied policy settings. I would like to have all policies around 3000+ (including applied and not applied) to be displayed. Is it possible?
Thank you in advance.
Thank you for sharing the script. This is very much appreciated.
Get-GPOReport will only show applied policy settings. I would like to have all policies around 3000+ (including applied and not applied) to be displayed. Is it possible?
Thank you in advance.