blob: 8d0bb5deeb46f1f172c955e8c6575021b8c61859 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
param (
[string]$DomainName = "contoso.com"
)
$scriptName = $MyInvocation.MyCommand.Name
$logFile = "C:\Logs\${scriptName}_log.txt"
Start-Transcript -Path $logFile -Append
$DomainNameDN = "DC=$($DomainName.Split(".")[0]),DC=$($DomainName.Split(".")[1])"
$DomainUsers = Get-ADGroup "Domain Users"
try {
$GPO1 = New-GPO -Name "TestGPO1"
$GPO2 = New-GPO -Name "TestGPO2"
Set-GPPermission -Name $GPO1.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group
Set-GPPermission -Name $GPO2.DisplayName -PermissionLevel GpoEditDeleteModifySecurity -TargetName $DomainUsers.Name -TargetType Group
Write-Host "[INFO] Created insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity"
} catch {
Write-Host "[ERR] Failed to create insecure GPOs $($GPO1.DisplayName), $($GPO2.DisplayName) with GpoEditDeleteModifySecurity"
}
try {
New-GPLink -Name $GPO1.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes
New-GPLink -Name $GPO2.DisplayName -Target "$DomainNameDN" -LinkEnabled Yes
Write-Host "[INFO] Created GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN"
} catch {
Write-Host "[ERR] Failed to create GP links for $($GPO1.DisplayName), $($GPO2.DisplayName) on $DomainNameDN"
}
Stop-Transcript
|