In administering Active Directory Group Policy, you sometimes find that you need to find all GPOs that are configuring a specific setting. Here is a simple process you can follow to export all your GPOs, and then easily search within them to find all GPOs that are configuring a specific setting.
- Export all the GPOs into individual HTML reports.
- On a DC, make a folder called C:\GPOReports.
- Run with PowerShell:
Get-GPO -all | foreach-object {Get-GPOReport -GUID $_.id -ReportType HTML -Path "C:\GPOReports\$($_.DisplayName).html"}- Use File Explorer to open the folder that has the exported GPO HTML reports.
- Make sure File Explorer is searching the ‘File contents’ like in the following picture.
- In File Explorer, search for text like “LOG ON AS A BATCH JOB” and the search will show each GPO that has that settings being used.
- Special characters may cause the search to fail, so remove any special characters from your search.
- Then you can use your browser to open the HTML GPO Report and see exactly where that setting is.