Delete computer objects from GPO Security Filtering

Delete Computer Objects from GPO Security Filtering

The goal is to delete all computer objects from security filtering. The script can also be used for reporting by adding additional parameters.

# Jörn Walter https://www.der-windows-papst.de
$ GPO = “WSUS clients”
$ Compis = Get-GPPermission -Name $ GPO -TargetType Computer -all | ? {$ _. Trustee.SidType -eq 'Computer'}

foreach ($ Compi in $ Compis) {

$ Obj = New-Object -TypeName PSObject -Property @ {

GPOName = $ GPO
AccountName = $ ($ Compi.Trustee.Name)
AccountType = $ ($ Compi.Trustee.SidType.ToString ())
Permissions = $ ($ Compi.Permission)
}
$ Obj | Select AccountName, AccountType, Permissions

Set-GPPermission -Name “$ GPO” -TargetName $ Compi.Trustee.Name -PermissionLevel None -TargetType Computer -Verbose

}

Copy computers from GPO Security Filtering to a security group (members)