Copy computers from GPO Security Filtering to a security group (members)

Copy Computer Objects from GPO Security Filtering in a Group Membership

The goal is to copy computer objects from GPO Security Filtering into a security group (members). The script can also be used for reporting by adding additional parameters.

# Jörn Walter www.der-windows-papst.de

$ GPO = “WSUS clients”
$ Compis = Get-GPPermission -Name $ GPO -TargetType Computer -all | ? {$ _. Trustee.SidType -eq 'Computer'}

foreach ($ Compi in $ Compis) {

$ Obj = New-Object -TypeName PSObject -Property @ {

GPOName = $ GPO
AccountName = $ ($ Compi.Trustee.Name)
AccountType = $ ($ Compi.Trustee.SidType.ToString ())
Permissions = $ ($ Compi.Permission)
}
$ Obj | Select GPOName, AccountName, AccountType, Permissions
Add-ADGroupMember “GP-Carbon-Black” -Members $ Compi.Trustee.Name
}

Delete computer objects from GPO Security Filtering

Vulnerability CryptoAPI CVE-2020-0601