- 1 year ago
How to query Security Policy with AdsiSearcher in powershell?
Comment
1 / 1
To query Security Policy with AdsiSearcher in PowerShell, you can use the following code:
powershell$searcher = [adsisearcher]'(&(objectCategory=groupPolicyContainer)(displayName="Default Domain Policy"))'
$searcher.SearchScope = 'Base'
$searcher.PropertiesToLoad.AddRange(('gPCUserExtensionNames','gPCMachineExtensionNames'))
$results = $searcher.FindAll()
foreach ($result in $results) {
$groupPolicyContainer = $result.GetDirectoryEntry()
# Retrieve the security settings
$securityDescriptor = $groupPolicyContainer.PSBase.ObjectSecurity
# Access and modify the security settings as needed
# For example, you can retrieve the Access Control List (ACL) using $securityDescriptor.GetSecurityDescriptorSddlForm("All")
# Display the security settings
Write-Host "Security Descriptor:"
Write-Host $securityDescriptor.GetSecurityDescriptorSddlForm("All")
}
$results.Dispose()
This code searches for the "Default Domain Policy" group policy object (GPO) and retrieves its security settings. You can modify the code to search for a different GPO or customize the retrieval and manipulation of the security settings as needed.