Structuring Get-GPResultantSetOfPolicy
hello everyone, new @ trying parse xml data powershell , starting beat head on something.
i generate report using get-gpresultingsetofpolicy , parse data out csv type format along lines of :
gpo name
path setting
setting, value
i able readh in content using:
[xml]$xmldocument = (get-content "c:\data\gp.xml")
then pull content using:
$xmldocument.rsop.userresults.extensiondata.extension.childnodes | foreach-object {$_.name ; $_.innertext};
however inner text lumped on return:
q5:registryrsopsetting
{8343861a-85ca-4b8b-bd0a-03db1e3ba161}corp.contoso.com1ietournoshowcn={8343861a-85ca-4b8b-bd0a-03db1e3ba161},cn=policies,cn=system,dc=com,dc=contoso,dc=comou=computers,ou=corp,ou=sites,dc=corp,dc=con
toso,dc=com{bee07a6a-ec9f-4659-b8c9-0b1937907c83}{b087be9d-ed37-454f-af9c-04291e351182}contosogpo-3{8343861a-85ca-4b8b-bd0a-03db1e3ba161}{aa36dd3f-619d-4902-98bb-5af2abd1bbf0}120151026134241.699000+0
00rsop_polmkrregistrysetting.polmkrhive="hkey_current_user",polmkrkey="software\microsoft\internet explorer\main",polmkrdefault="0",polmkrname="ietournoshow"{9cd4b2f4-923d-47f5-a062-e897dd1dad50}ieto
urnoshowietournoshow122014-08-07 19:11:02{8071a6b0-9984-4ffc-bbe1-139191e537b7}1u00hkey_current_usersoftware\microsoft\internet explorer\mainietournoshowreg_dword00000001u000000001hkey_current_userso
ftware\microsoft\internet explorer\mainietournoshowreg_dwordvalue00x00000000the operation completed successfully.
ideally pull each individual innertext , relate parent node. here's snippet of xml working with.
hope makes sense! any ideas or pointers appreciated!
<?xml version="1.0" encoding="utf-16"?> <rsop xmlns:xsd="http://www.w3.org/2001/xmlschema" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns="http://www.microsoft.com/grouppolicy/rsop"> <readtime>2015-11-09t17:55:48.5091125z</readtime> <datatype>loggeddata</datatype> <userresults> <version>2228228</version> <name>domain\user</name> <domain>corp.contoso.com</domain> <som>corp.contoso.com/sites/corp/users</som> <site>corp</site> <slowlink>false</slowlink> <extensiondata> <extension xmlns:q5="http://www.microsoft.com/grouppolicy/settings/windows/registry" xsi:type="q5:registrysettings" xmlns="http://www.microsoft.com/grouppolicy/settings"> <q5:registryrsopsetting> <gpo xmlns="http://www.microsoft.com/grouppolicy/settings/base"> <identifier xmlns="http://www.microsoft.com/grouppolicy/types">{8343861a-85ca-4b8b-bd0a-03db1e3ba161}</identifier> <domain xmlns="http://www.microsoft.com/grouppolicy/types">corp.contoso.com</domain> </gpo> <precedence xmlns="http://www.microsoft.com/grouppolicy/settings/base">1</precedence> <q5:baseinstancexml classname="rsop_polmkrregistrysetting"> <q5:property name="name"> <q5:value>ietournoshow</q5:value> </q5:property> <q5:property name="gpoid"> <q5:value>cn={8343861a-85ca-4b8b-bd0a-03db1e3ba161},cn=policies,cn=system,dc=com,dc=contoso,dc=com</q5:value> </q5:property> <q5:property name="somid"> <q5:value>ou=computers,ou=corp,ou=sites,dc=corp,dc=contoso,dc=com</q5:value> </q5:property> <q5:property name="polmkrbasegpeguid"> <q5:value>{bee07a6a-ec9f-4659-b8c9-0b1937907c83}</q5:value> </q5:property> <q5:property name="polmkrbasecseguid"> <q5:value>{b087be9d-ed37-454f-af9c-04291e351182}</q5:value> </q5:property> <q5:property name="polmkrbasegpodisplayname"> <q5:value>contosogpo-3</q5:value> </q5:property> <q5:property name="polmkrbasegpoguid"> <q5:value>{8343861a-85ca-4b8b-bd0a-03db1e3ba161}</q5:value> </q5:property> <q5:property name="id"> <q5:value>{aa36dd3f-619d-4902-98bb-5af2abd1bbf0}</q5:value> </q5:property> <q5:property name="precedence"> <q5:value>1</q5:value> </q5:property> <q5:property name="creationtime"> <q5:value>20151026134241.699000+000</q5:value> </q5:property> <q5:property name="polmkrbasehash"> <q5:value>rsop_polmkrregistrysetting.polmkrhive="hkey_current_user",polmkrkey="software\microsoft\internet explorer\main",polmkrdefault="0",polmkrname="ietournoshow"</q5:value> </q5:property> <q5:instance classname="rsop_polmkrregistryitem"> <q5:property name="polmkrclassclsid"> <q5:value>{9cd4b2f4-923d-47f5-a062-e897dd1dad50}</q5:value> </q5:property> <q5:property name="polmkrclassname"> <q5:value>ietournoshow</q5:value> </q5:property> <q5:property name="polmkrclassstatus"> <q5:value>ietournoshow</q5:value> </q5:property> <q5:property name="polmkrclassimage"> <q5:value>12</q5:value> </q5:property> <q5:property name="polmkrclasschanged"> <q5:value>2014-08-07 19:11:02</q5:value> </q5:property> <q5:property name="polmkrclassuid"> <q5:value>{8071a6b0-9984-4ffc-bbe1-139191e537b7}</q5:value> </q5:property> <q5:property name="polmkrclassbypasserrors"> <q5:value>1</q5:value> </q5:property> <q5:property name="polmkraction"> <q5:value>u</q5:value> </q5:property> <q5:property name="polmkrdisplaydecimal"> <q5:value>0</q5:value> </q5:property> <q5:property name="polmkrdefault"> <q5:value>0</q5:value> </q5:property> <q5:property name="polmkrhive"> <q5:value>hkey_current_user</q5:value> </q5:property> <q5:property name="polmkrkey"> <q5:value>software\microsoft\internet explorer\main</q5:value> </q5:property> <q5:property name="polmkrname"> <q5:value>ietournoshow</q5:value> </q5:property> <q5:property name="polmkrtype"> <q5:value>reg_dword</q5:value> </q5:property> <q5:property name="polmkrvalue"> <q5:value>00000001</q5:value> </q5:property> <q5:property name="polmkractionresolved"> <q5:value>u</q5:value> </q5:property> <q5:property name="polmkrdefaultresolved"> <q5:value>0</q5:value> </q5:property> <q5:property name="polmkrvalueresolved"> <q5:value>00000001</q5:value> </q5:property> <q5:property name="polmkrhiveresolved"> <q5:value>hkey_current_user</q5:value> </q5:property> <q5:property name="polmkrkeyresolved"> <q5:value>software\microsoft\internet explorer\main</q5:value> </q5:property> <q5:property name="polmkrnameresolved"> <q5:value>ietournoshow</q5:value> </q5:property> <q5:property name="polmkrtyperesolved"> <q5:value>reg_dword</q5:value> </q5:property> <q5:property name="polmkrappliestoresolved"> <q5:value>value</q5:value> </q5:property> <q5:property name="polmkrclassresultcodevalue"> <q5:value>0</q5:value> </q5:property> <q5:property name="polmkrclassresultcode"> <q5:value>0x00000000</q5:value> </q5:property> <q5:property name="polmkrclassresulttext"> <q5:value>the operation completed successfully.</q5:value> </q5:property> <q5:values /> <q5:attributes /> <q5:members /> </q5:instance> <q5:values /> <q5:attributes /> <q5:members /> </q5:baseinstancexml> </q5:registryrsopsetting> </extension> <name xmlns="http://www.microsoft.com/grouppolicy/settings">windows registry</name> </extensiondata> </userresults> </rsop>
find specific value name:
$ns=@{q5='http://www.microsoft.com/grouppolicy/settings/windows/registry'} select-xml -xml $xml -xpath '//q5:baseinstancexml/q5:instance/q5:property[@name="polmkrclassclsid"]' -namespace $ns |%{$_.node.value
Comments
Post a Comment