Group Policy Preferences are mostly great and frequently used to solve different kind of policy related problems in an it Environment.
There are a few PowerShell cmdlet for GPO’s (28 last time I checked) but only three of them are related to Group Policy Preferences.
.
Case and Solution
A customer of mine wanted to inventory their GPP Drive maps, and get information about what GPO, drive letter, drivepath, security Filtering and so on.
I know there are quite a few solutions that can do this for you, but why not use PowerShell when possible? 🙂
The script is using the GroupPolicy POSH-module which has been around since 2008R2, so this works even there.
It simply gets all Group policies in your domain, checks each policy for drive maps (by checking if Drives.xml exists) and gives you a bit of nice output. (ehh.. could be nicer, but anyway… )
See my examples below:
1. Gives you all Drive Map GPO’s plain and formats the output as a table.
Note: The DriveAction object is not translated to a more friendly name at this time so U, stands for Update, D, for delete and so on. That is also applies on the DrivePersistent output (“Reconnect”).
Update: This is now updated so it gives you a bit of nicer output!
2. Searches for drive maps in a specific GPO.
3. Exports the output to a csv.
.\Get-GPPDriveMaps.ps1 | Export-Csv DriveMaps.csv -NoTypeInformation
Get-GPPDriveMaps.ps1
<#
.SYNOPSIS
The script finds the GPP Drive Maps in your domain.
.NOTES
File Name: Get-GPPDriveMaps.ps1
Author : Johan Dahlbom, johan[at]dahlbom.eu
The script are provided “AS IS” with no guarantees, no warranties, and it confer no rights.
#>
#Import the required module GroupPolicy
try
{
Import-Module GroupPolicy -ErrorAction Stop
}
catch
{
throw "Module GroupPolicy not Installed"
}
$GPO = Get-GPO -All
foreach ($Policy in $GPO){
$GPOID = $Policy.Id
$GPODom = $Policy.DomainName
$GPODisp = $Policy.DisplayName
if (Test-Path "\\$($GPODom)\SYSVOL\$($GPODom)\Policies\{$($GPOID)}\User\Preferences\Drives\Drives.xml")
{
[xml]$DriveXML = Get-Content "\\$($GPODom)\SYSVOL\$($GPODom)\Policies\{$($GPOID)}\User\Preferences\Drives\Drives.xml"
foreach ( $drivemap in $DriveXML.Drives.Drive )
{New-Object PSObject -Property @{
GPOName = $GPODisp
DriveLetter = $drivemap.Properties.Letter + ":"
DrivePath = $drivemap.Properties.Path
DriveAction = $drivemap.Properties.action.Replace("U","Update").Replace("C","Create").Replace("D","Delete").Replace("R","Replace")
DriveLabel = $drivemap.Properties.label
DrivePersistent = $drivemap.Properties.persistent.Replace("0","False").Replace("1","True")
DriveFilterGroup = $drivemap.Filters.FilterGroup.Name
}
}
}
}
The script can of course be extended with a lot more information, and make the output easier to read, but that’s a later project.
/Johan
Tailspintoys - 365lab.net 
Pingback: Get all GPO deployed Printers with PowerShell | Tailspintoys - 365lab.net
Great stuff! A bit disappointed that Microsoft doesn’t cover something as helpful as this in their GroupPolicy module.
Thanks! I’m working on addition GPO Powershell snippets. Let me know if you have a specific request!
Haven’t dug into it, but curious – are preferences solely stored in XML? And if so, would it be possible to manage preference items via PowerShell (e.g. add or remove a Drive Map)? Might be interesting to explore.
Borrowed your workflow and wrote Get-GPPFile and Get-GPPShortcut, but dealing with the filters is a bit less straightforward – i.e. Drive Maps typically get mapped by group; with others I had to add a Filters property to each object that contains a collection of any filters.childnodes.
Cheers!
Thanks! Nice work with your functions, soon we’ll have a complete GP preferences module 🙂
I think it should be possible to for example change Drive Maps through the XML files, but haven’t had the time do dig down to if it works well to create new ones as well.
I’ll see if I can get Darren (the gpoguy on sdmsoftware) to give us un answer.
Do you have a powershell that creates the share drives?
Hi Dennis, Thanks for reading!
I am working hard to get the create part working as well, but since its much more complex and requires lots of time and testing, I’m not quite there yet.
As soon as I am near to finish, I’ll let you know.
Until then you can look in to sdmsoftware.com’s GPO automation toolkit that will let you create the Drive maps preferences as well.
Love the script. Any chance you can pull the targets for the GPO also?
Pingback: PowerShell GPO Reporting: WSUS | Tailspintoys - 365lab.net
Thanks for posting this script. I had been auditing our GPO drive mappings manually each time a change is made. This makes it a breeze. The problem I am having is some of our drive mappings have multiple FilterGroup and FilterOrgUnit per mapping. When this is the case the group or OU variables are blank. Do you have any idea how I can deal with this? I have tried to set up a hash or array but I couldn’t get either of those to work.
I am also very interested in a powershell script creating the mappings as stored in drives.xml to execute as soon as I connect through VPN. Any updates? 🙂
Hello – Checking back in for the “set”-gppshorcut script to edit the xml file. As these settings can be exported to a csv, I am hoping that they can also be imported.
Current example, a manual entry is required GPME\User Configuration\Preferences\Windows Settings\Shortcuts\ -> new shortcut -> Action:Update\Name:Misc\Target Type:URL\Location:Explorer Links\Target URL:Misc.com\etc.
What you do is appreciated immensely!