Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Find missing, bad, old ADMX files #22

Open
PrzemyslawKlys opened this issue Jul 13, 2021 · 7 comments
Open

Find missing, bad, old ADMX files #22

PrzemyslawKlys opened this issue Jul 13, 2021 · 7 comments
Labels
enhancement New feature or request

Comments

@PrzemyslawKlys
Copy link
Member

No description provided.

@PrzemyslawKlys PrzemyslawKlys added the enhancement New feature or request label Jul 13, 2021
@Karl-WE
Copy link

Karl-WE commented Feb 18, 2023

Hi @PrzemyslawKlys how about having a Script to remove adm files from GPOs
Done so lately after a successful session with your awesome tool.

The removal is simple on FS

#Fetch Domain Name with either Resolve-DNSName or Get-ADDomain (latter has a module requirement) 
#how-to to handle multi Domain? 
[string]$DomainameFQDN = 

#Locate Policies folder in sysvol 
[string]$SysvolLocation = 

#Fetch and remove adm templates
[array]$ADMFiles = Get-Childitem *.adm -Files - Recurse | Remove-Item -force - confirm:$false

#ToDo Find a way to remove the from being linked in GPOs 
#as a workaround: log output of path where they were found 

$ADMFiles.Directory | Get-Unique

I hope this isn't a duplicate report or implemented, could not find it. Code snipped may contain errors. Written from the top of my mind how I solved it.

@Karl-WE
Copy link

Karl-WE commented Feb 18, 2023
edited
Loading

Remote related #41

@Karl-WE
Copy link

Karl-WE commented Feb 18, 2023

I would be also thinking about how to find old (outdated ADMX and remove them from from the store) maybe the other project that's updating them could join forces to cleanup old ones.

@PrzemyslawKlys
Copy link
Member Author

For ADM files:

  • Get-GPOZaurrLegacyFiles
  • Remove-GPOZaurrLegacyFiles
  • Invoke-GPOZaurr -Type SysVolLegacyFiles

For ADMX cleanup - I started playing with it a while ago, but couldn't decide on the best approach. I have my own idea on ADMX but if someone wants to help - go ahead ;)

@PrzemyslawKlys
Copy link
Member Author

Also for ADM files:

  • Get-GPOZaurrFiles
  • Invoke-GPOZaurr -Type GPOFiles - which does a more insight analysis and shows the user where some files may be misplaced

For ADMX:

  • Get-GPOZaurrFilesPolicyDefinition - but that's just whether signature matches

@Karl-WE
Copy link

Karl-WE commented Feb 18, 2023
edited
Loading

The legacy files thing is what I searched for. We went through the invoke-GPOzaurr twice but were not able to find the tab.

Could you help Przemek?

@PrzemyslawKlys
Copy link
Member Author

PrzemyslawKlys commented Feb 18, 2023
edited
Loading

Ye, just run Invoke-GPOZaurr -Type SysVolLegacyFiles. It's not enabled by default. You have to explicitly ask for it. Not all GPO reports are enabled by default. There are also others which are disabled for different reasons.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@PrzemyslawKlys @Karl-WE