Audit Domain based Group Policies


Group Policy Objects contain sensitive configuration information which can be viewed by default by at least all members of the Domain.
Misconfigurations of Group Policy settings or its content can have a huge impact on the environment.
A periodic audit is advised.

List Group Policies in the Domain

Powershell (Remark: you need the RSAT tools installed to run this command)

get-gpo -all | export-csv allgpos.csv

You can target your auditing based on the creation and modification time.

To get a detailed report for a specific policy you can use the get-gporeport commandlet.

Get-GPOReport -Guid 6ac1786c-016f-11d2-945f-00c04fb984f9 -ReportType html > ddcp.html