Tuesday, January 3, 2012

List Group Policy Information for an OU

Returns the values found on the Group Policy page in Active Directory Users and Computers for the Students OU.

vbscript:

On Error Resume Next

Set objContainer = GetObject _
    ("LDAP://ou=Students,dc=mydomain,dc=com")

strGpLink = objContainer.Get("gPLink")
intGpOptions = objContainer.Get("gPOptions")

' gPLink is unset, or holds a single space, when no GPO is linked.
If Trim(strGpLink) <> "" Then
    ' Each link has the form [LDAP://<GPO DN>;<flags>]
    arrGpLinkItems = Split(strGpLink,"]")
    ' Walk the links from the last entry to the first.
    For i = UBound(arrGpLinkItems) To LBound(arrGpLinkItems) + 1 Step -1
        arrGPLink = Split(arrGpLinkItems(i-1),";")
        ' Skip the leading "[LDAP://" (8 characters) to get the GPO DN.
        strDNGPLink = Mid(arrGPLink(0),9)
        WScript.Echo GetGPOName
        ' The flags arrive as text; convert before comparing with numbers.
        Select Case CInt(arrGPLink(1))
            Case 0
                WScript.Echo "No Override is cleared and the GPO is enabled."
            Case 1
                WScript.Echo "No Override is cleared and the GPO is disabled."
            Case 2
                WScript.Echo "No Override is checked and the GPO is enabled."
            Case 3
                WScript.Echo "No Override is checked and the GPO is disabled."
        End Select
    Next
    WScript.Echo VbCrLf
End If

If intGpOptions = 1 Then
    WScript.Echo "Block Policy Inheritance is checked."
Else
    WScript.Echo "Block Policy Inheritance is not checked."
End If

' Looks up the display name of the GPO whose DN is in strDNGPLink.
Function GetGPOName
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"

    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection

    ' Search base: the GPO container (cn=Policies,cn=System) of the domain used above.
    objCommand.CommandText = _
        "<LDAP://cn=Policies,cn=System,dc=mydomain,dc=com>;;" & _
        "distinguishedName,displayName;onelevel"
    Set objRecordSet = objCommand.Execute

    Do Until objRecordSet.EOF
        ' The DN in gPLink can differ in case from distinguishedName, so ignore case.
        If StrComp(objRecordSet.Fields("distinguishedName").Value, _
                strDNGPLink, vbTextCompare) = 0 Then
            GetGPOName = objRecordSet.Fields("displayName").Value
            objConnection.Close
            Exit Function
        End If
        objRecordSet.MoveNext
    Loop
    objConnection.Close
End Function

Default Tasks Scripts With GPMC Kit

Group Policy Scripting

Guys, after a long gap I have started posting my scripts on this blog again. From this post I am starting GPO scripting, with a small intro to the GPMC library as well.

The Group Policy Management Console (GPMC) provides a comprehensive set of COM interfaces that you can use to script many of the operations supported by the console.

The GPMC provides a Microsoft Management Console (MMC)-based UI for easy management of Windows Server 2003 and Windows 2000 Group Policy. The GPMC represents a big step forward in Group Policy Object (GPO) management capabilities as compared with Win2K's native tools. With the native tools, scripting GPO management is difficult. However, GPMC includes a set of scripting interfaces for automating many common GPO management tasks. Using these scripting interfaces, you can manage the Group Policy environment, including generating reports of GPO settings, creating and copying GPOs, and finding unlinked GPOs. Microsoft provides several GPMC scripts that cover many common scripting tasks. You can also create your own scripts to perform custom GPO management tasks.

Although you can manage Win2K domain-based Group Policies, GPMC runs only on Windows 2003 and Windows XP Professional computers. (For more information about GPMC's requirements and features, see "Windows Server 2003's Group Policy Management Console," July 2003, http://www.winnetmag.com, InstantDoc ID 39190.) You can download the GPMC from the Microsoft Download Center (http://www.microsoft.com/downloads/details.aspx?familyid=f39e9d60-7e41-4947-82f5-3330f37adfeb&displaylang=en). When you install the GPMC, the system creates a folder called Scripts, which contains all the prewritten GPMC scripts. On a Windows 2003 or XP client, this folder is in the %programfiles%\gpmc directory. The main administrative scripts have a .wsf extension, which is one of the file formats associated with Windows Script Host (WSH). Scripts with the .wsf extension are XML-formatted files that can call other scripts written in VBScript or JScript, which means that one script can take advantage of both the VBScript and JScript scripting engines. For the scripts in this article, I use VBScript without relying on .wsf files.

The GPMC interfaces are implemented in gpmgmt.dll, which resides in the %programfiles%\gpmc directory. Microsoft geared these interfaces toward automating the GPMC functions as well as managing GPOs. Thus, you can use the interfaces not only to script GPMC operations such as creating mapping tables for GPO migrations but also to query and modify GPOs. However, the GPMC interfaces don't let you read or configure policy settings within a GPO. For example, you can't create a script that enables the Remove Run from Start Menu Administrative Template policy within a GPO. This limitation is unfortunate; nonetheless, the GPMC interfaces still provide a level of automation that surpasses what has been available to date. Let's take a look at how to get started with GPMC scripting and how you can use the GPMC objects to perform various administrative tasks, such as retrieving permissions for a GPO and obtaining Resultant Set of Policies (RSoP) reports.


Listing 1: Code That Creates the GPM and GPMConstants Objects

Set GPMC = CreateObject("GPMgmt.GPM")
Set Constants = GPMC.GetConstants()

Listing 2: GetGPOPerms.vbs

Set GPMC = CreateObject("GPMgmt.GPM")
Set Constants = GPMC.GetConstants()
Set GPMCDomain = GPMC.GetDomain("mycompany.net", "", Constants.UseAnyDC)
' Open the GPO by its GUID and read its access control entries.
Set MyGPO = GPMCDomain.GetGPO("{31B2F340-016D-11D2-945F-00C04FB984F9}")
Set GPOSec = MyGPO.GetSecurityInfo()
For indx = 1 To GPOSec.Count
    Set Ace = GPOSec.Item(indx)
    Set UsrorGrp = Ace.Trustee
    PrincipalName = UsrorGrp.TrusteeName
    Select Case Ace.Permission
        Case Constants.permGPOApply
            Perm = "Read and Apply Group Policy"
        Case Constants.permGPOEdit
            Perm = "Edit Group Policy"
        Case Constants.permGPOEditSecurityAndDelete
            Perm = "Edit Group Policy, Modify Security and Delete Group Policy"
        Case Constants.permGPORead
            Perm = "Read Group Policy"
        Case Constants.permGPOCustom
            Perm = "Custom Permission"
        Case Else
            ' Do not carry over the label from the previous entry.
            Perm = "Unknown Permission"
    End Select
    WScript.Echo "The User or Group: " & PrincipalName & _
        " has the following permission: " & Perm
Next
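
Listing 2 reads the ACL of a single GPO; the sketch below is an added example (not from the original article or the GPMC sample scripts) that uses the same objects to walk every GPO in the domain and report only the trustees that can change it, since edit rights on a GPO amount to control over every computer and user it applies to. The domain name is the one from Listing 2, and `TrusteeLabel` is a helper name introduced here.

```vbscript
Option Explicit
Dim GPMC, Constants, GPMCDomain, Criteria, GPOList, GPO, GPOSec, Ace, indx, Perm

Set GPMC = CreateObject("GPMgmt.GPM")
Set Constants = GPMC.GetConstants()
Set GPMCDomain = GPMC.GetDomain("mycompany.net", "", Constants.UseAnyDC)

' A search criteria object with no conditions added matches every GPO.
Set Criteria = GPMC.CreateSearchCriteria()
Set GPOList = GPMCDomain.SearchGPOs(Criteria)

For Each GPO In GPOList
    Set GPOSec = GPO.GetSecurityInfo()
    For indx = 1 To GPOSec.Count
        Set Ace = GPOSec.Item(indx)
        Perm = ""
        Select Case Ace.Permission
            Case Constants.permGPOEdit
                Perm = "Edit"
            Case Constants.permGPOEditSecurityAndDelete
                Perm = "Edit, Modify Security and Delete"
            Case Constants.permGPOCustom
                Perm = "Custom (inspect by hand)"
        End Select
        ' Read and Apply entries leave Perm empty; deny entries grant nothing.
        If Perm <> "" And Not Ace.Denied Then
            WScript.Echo GPO.DisplayName & " " & GPO.ID & ": " & _
                TrusteeLabel(Ace.Trustee) & " = " & Perm
        End If
    Next
Next

' Hypothetical helper: DOMAIN\name, or the SID when the name cannot be
' resolved (for example, an entry left behind by a deleted account).
Function TrusteeLabel(Trustee)
    Dim strLabel
    strLabel = ""
    On Error Resume Next
    strLabel = Trustee.TrusteeDomain & "\" & Trustee.TrusteeName
    If Err.Number <> 0 Or strLabel = "\" Then
        Err.Clear
        strLabel = Trustee.TrusteeSid
    End If
    On Error GoTo 0
    TrusteeLabel = strLabel
End Function
```

Run it with cscript on a machine where the GPMC is installed; entries that print a bare SID or a trustee outside the expected administrative groups are the ones to review first.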

Listing 3: RSoPLogging.vbs

Set GPMC = CreateObject("GPMgmt.GPM")
Set Constants = GPMC.GetConstants()
' Logging mode reports the policy that was actually applied.
Set RSOP = GPMC.GetRSOP(Constants.RSOPModeLogging,"",0)
RSOP.LoggingComputer = "myworkstation"
RSOP.LoggingUser = "darren"
' Run the query, then save the result as an HTML report.
RSOP.CreateQueryResults()
RSOP.GenerateReportToFile Constants.ReportHTML,"c:\reports\myrsop.html"