Re: GPRESULT not working from remote computer
- From: "Darren Mar-Elia" <dmanonymous@xxxxxxxxxxxxx>
- Date: Wed, 22 Aug 2007 12:03:57 -0700
Well, sadly my VBScript was a little rusty but it did manage to come back to me :-). Here is a script that does what you want:
Set GPM = CreateObject("GPMgmt.GPM")
Set Constants = GPM.GetConstants()
Set gpmRSOP = GPM.GetRSOP(Constants.RSOPModeLogging,"",0)
gpmRSOP.LoggingComputer = "XP3"
outputPath = "c:\windows\temp\xp3report.htm"
gpmRSOP.LoggingFlags = Constants.RsopLoggingNoUser
gpmRSOP.CreateQueryResults
gpmRSOP.GenerateReportToFile Constants.ReportHTML,outputPath
In the line that says gpmRSOP.LoggingComputer =, you replace that with the machine you want to connect to. You could pass that as an argument to the script of course. the outputPath is simply the location you want to store the RSOP report, in HTML format. Let me know if you have any questions.
Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Script Group Policy Settings with the GPExpert Scripting Toolkit for PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php
Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
"Jos Rossiau" <JosRossiau@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:7BF9B763-4FB2-4D3A-B396-316C3333C6FC@xxxxxxxxxxxxxxxx
Hi,
Thanks for your reply.
I already kinda figured out I had to find a user who had logged on
interactively on the servers. However, there is no single user who has logged
on to every server. A bunch of administrators are responsible for these
servers.
I am trying to rewrite the script to check hkey_users for users s1-5-21 and
then use sid2user to get the username and domain from it. I can then use
those names to try to get gpresult to work with the /USER option. The /U can
be any other administrator. If one of the users succeeds, then i can skip the
other users.
I hope this will work.
I don't think local accounts will work, do you? I tried local administrator
/USER <servername\administrator> but it gave me the same error. So i'll focus
the script on domain users only.
I have absolutely no knowledge about scripting the gpmc. This script looks
daunting, it probably is easier for me to write, as it is technically not so
advanced.
Do you have any good sources on scripting the gpmc?
Kind regards,
Jos Rossiau
"Darren Mar-Elia" wrote:
What you've found is a quirk in the way gpresult works. Even if you are only
interested in collecting RSOP data for the remote computer, the tool looks
for RSOP data for your current user account that you're using to run the
command on that remote machine, and bails out if it doesn't find it (meaning
you've never logged on interactively with that account on that remote
machine). So, in order to get this to work, you need to specify a user
account on the /USER option that you know has always logged into the remote
system. Or, I suppose you could also just ignore using the /USER option but
rather always run your script in the context of a user who has always logged
into those remote systems. The other alternative is to use GPMC scripting to
accomplish this, instead of gpresult.
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Script Group Policy Settings with the GPExpert Scripting Toolkit for
PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php
Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
"Jos Rossiau" <JosRossiau@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E63EBE7E-07F5-4F72-BEAA-5487BB207C57@xxxxxxxxxxxxxxxx
> Hello,
>
> I have written a little script that checks and reports what group > policies
> have been applied to a number of servers.
>
> In short the scripts runs the following command foreach of the servers:
>
> gpresult /S <servername> /U <domain\userid /> /P <password> /SCOPE
> COMPUTER
> /USER <domain\userid>
>
> When I run the script (or gpresult manually) I get the error message:
>
> INFO: The user "domain\userid" does not have RSOP data.
>
> When I log on locally or via RDP to this server I can run gpresult.
> When I log off and rerun the script, the server I have logged on to is
> succesful, but the other servers I have not yet logged on to are not.
>
> I figured this would be caused by a lack of a userprofile on the local
> computer, so I embeded a psexec -e (the one that creates a profile, not
> the
> newest that avoids creating a profile on the remote computer) command > in
> the
> script to create a userprofile on the remote computer before running
> gpresult
> on it.
>
> This did however not work, a userprofile directory was created, but > that
> was
> not adequate for gpresult to work correctly. The only difference with
> loging
> on locally or via RDP was that the user did not get its own registrykey
> under
> HKEY_USERS.
>
> It looks like gpresult wants to check the HKEY_USERS\<SID of user> to
> check
> for user gpo's applied.
>
> Although I only want to check computer policies, the lack of possiblity > to
> check user policies for the user is stopping me.
>
> Does anyone know how I can have the userprofile load correctly, > including
> creating the HKEY_USERS\usersid key from a commandline (preferably
> remote)?
>
> Is there any other way of getting the same info as gpresult /S
> <servername>
> /SCOPE COMPUTER ?
>
> Any help would be appreciated, instead of having to log on > interactively
> at
> all my servers.
>
> Greetings,
>
> Jos Rossiau
>
>
>
.
- References:
- Re: GPRESULT not working from remote computer
- From: Darren Mar-Elia
- Re: GPRESULT not working from remote computer
- From: Jos Rossiau
- Re: GPRESULT not working from remote computer
- Prev by Date: Re: GPRESULT not working from remote computer
- Next by Date: desktop shortcut via group policy
- Previous by thread: Re: GPRESULT not working from remote computer
- Next by thread: desktop shortcut via group policy
- Index(es):
Relevant Pages
|
