Jump to content


Fraeco

Compliance check GPO with WQL

Recommended Posts

Hi!

I'm trying to get compliance going because of an ongoing audit on our servers. One of the requirements is that a certain GPO is applied. I figured I'd query the ROOT\RSOP\COMPUTER namespace for RSOP_GPO. This class has the GPO name and it's enabled/disabled state.

 

I tried my WMI query and below powershell snippet returns me the GPO's that are listed in a GPRESULT on the server.

$query = "Select name,enabled from RSOP_GPO where enabled = true"
$namespace = "ROOT\RSOP\COMPUTER"
Get-WmiObject -Query $query -Namespace $Namespace | select name,enabled

I then created a CI with the following settings

  • Setting type: WQL query
  • Data type: string
  • Namespace: ROOT\RSOP\COMPUTER
  • Class: RSOP_GPO
  • Property: name
  • WQL query WHERE clause: enabled = 'true'

The hard part is getting the rule to comply. I tried the following rules: "one of: GPO name", "Contains: GPO Name", "Equals: GPO Name".

When I look up the report on my client I can see that the GPO rule is non-compliant I get the following results.

expression           current value            rule type
Contains GPO Name    Default Domain Policy    Value
Contains GPO Name    Local Group Policy       Value
Contains GPO Name    Some other GPO           Value
Contains GPO Name    Another extra GPO        Value

Strange thing is though that the GPO I'm querying against isn't in the list but I know for certain that it's applied and active.

I don't really know how to advance from here on out so I was hoping any of you guys had an insight I'm missing.

Thanks in advance!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.