[gptalk] Determining group associated with a GPO

  • From: "Northwood, Ian" <Ian.Northwood@xxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 30 Sep 2008 15:49:29 +0100

Folks,
 
As part of a licensing audit, I have been asked to build a script to 
interrogate installed software on machines. Easy enough. However, we want to be 
able to determine which apps were installed per-user by Group Policy and 
whether the user concerned is in the group associated with the package.
 
How do I query AD to determine the group associated with the GPO, given that I 
know:
 
- all the users who have had software pushed to them having logged into the 
machine (I loop through 
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\[User's
 SIDs]\Installer\Products\[PackedProductCode])
- the GPO name and its GUID
- the ProductCode, its packed form and its octet/byte array form
 
The idea is that we produce a list of accounts who appear in the registry as 
having had 'Package X' installed but who are not in the associated group.

Liverpool Victoria Friendly Society Ltd. Registered in England and Wales. 
Registered Office: County Gates Bournemouth England, BH1 2NF, No.61 Coll. 
Financial Services Authority Register number 110035.

This email (and any attachments):

- is for its intended recipients only and may contain confidential and/or 
legally privileged information. If received in error, any use of this email is 
prohibited. 
Please delete it (and any copies) and notify us on +44(0)1202 292333, ext. 
4044.  

-  is believed to be free of any virus or other defect but internet 
communications cannot be guaranteed to be secure or error free and we do not 
accept any liability for any loss or damage from their receipt or use.  
Opinions expressed in this email are not necessarily those of the Society. 

LV= and Liverpool Victoria are trade marks of Liverpool Victoria Friendly 
Society Limited and LV= and LV= Liverpool Victoria are trading styles of the 
Liverpool Victoria group of companies. 
LV= reserves the right to monitor and inspect emails sent to and by its 
employees.  To find out more about us please visit: www.lv.com


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

Other related posts: