PowerShell Script to Extract Info From ADMX

Note: This script may need tweaking to handle all ADMX content scenarios. If in-doubt compare output with gpedit.msc, and adjust script as necessary.

Also currently this doesn’t handle special characters in the explanation text, they will come back as question marks.

This also provides some examples of querying XML content via PowerShell.

How this works:

1) scans the $policyDir for .ADMX file

2) under the language folder i.e. en-US the appropriate ADML file is opened to translate the parameters in the ADMX to the local language.

3) adds the contents to a DataTable which is exported to CSV at the end.

4) PowerShell is very slow at loops, so this is not very high performance method and will take a while to process all the files.

It is possible to extract more information out of the ADMX then is here. Examine the contents of $policy variable within loop for example.

$policyDir = "$($env:windir)\policyDefinitions" $language = "en-US" $outputfilename = "C:\support\group_policy.csv" $table= New-Object System.Data.DataTable [void]$table.Columns.Add("ADMX") [void]$table.Columns.Add("Parent Category") [void]$table.Columns.Add("Name") [void]$table.Columns.Add("Display Name") [void]$table.Columns.Add("Class") [void]$table.Columns.Add("Explain Text") [void]$table.Columns.Add("Supported On") [void]$table.Columns.Add("Key") [void]$table.Columns.Add("Value Name") $admxFiles = Get-ChildItem $policyDir -filter *.admx ForEach ($file in $admxFiles) { [xml]$data=Get-Content "$policyDir\$($file.Name)" [xml]$lang=Get-Content "$policyDir\$language\$($file.Name.Replace(".admx",".adml"))" $policyText = $lang.policyDefinitionResources.resources.stringTable.ChildNodes $data.PolicyDefinitions.policies.ChildNodes | ForEach-Object { $policy = $_ if ($policy -ne $null) { if ($policy.Name -ne "#comment") { "Processing policy $($policy.Name)" $displayName = ($policyText | Where-Object { $_.id -eq $policy.displayName.Substring(9).TrimEnd(')') }).'#text' $explainText = ($policyText | Where-Object { $_.id -eq $policy.explainText.Substring(9).TrimEnd(')') }).'#text' if ($policy.SupportedOn.ref.Contains(":")) { $source=$policy.SupportedOn.ref.Split(":")[0] $valueName=$policy.SupportedOn.ref.Split(":")[1] [xml]$adml=Get-Content "$policyDir\$language\$source.adml" $resourceText= $adml.policyDefinitionResources.resources.stringTable.ChildNodes $supportedOn=($resourceText | Where-Object { $_.id -eq $valueName }).'#text' } else { $supportedOnID = ($data.policyDefinitions.supportedOn.definitions.ChildNodes | Where-Object { $_.Name -eq $policy.supportedOn.ref }).DisplayName $supportedOn = ($policyText | Where-Object { $_.id -eq $supportedOnID.Substring(9).TrimEnd(')') }).'#text' } if ($policy.parentCategory.ref.Contains(":")) { $source=$policy.SupportedOn.ref.Split(":")[0] $valueName=$policy.SupportedOn.ref.Split(":")[1] [xml]$adml=Get-Content "$policyDir\$language\$source.adml" $resourceText= $adml.policyDefinitionResources.resources.stringTable.ChildNodes $parentCategory=($resourceText | Where-Object { $_.id -eq $valueName }).'#text' } else { $parentCategoryID = ($data.policyDefinitions.categories.ChildNodes | Where-Object { $_.Name -eq $policy.parentCategory.ref }).DisplayName $parentCategory = ($policyText | Where-Object { $_.id -eq $parentCategoryID.Substring(9).TrimEnd(')') }).'#text' } [void]$table.Rows.Add( $file.Name, $parentCategory, $policy.Name, $displayName, $policy.class, $explainText, $supportedOn, $policy.key, $policy.valueName) } } } } $table | Export-Csv $outputfilename -NoTypeInformation

About chentiangemalc

specializes in end-user computing technologies. disclaimer 1) use at your own risk. test any solution in your environment. if you do not understand the impact/consequences of what you're doing please stop, and ask advice from somebody who does. 2) views are my own at the time of posting and do not necessarily represent my current view or the view of my employer and family members/relatives. 3) over the years Microsoft/Citrix/VMWare have given me a few free shirts, pens, paper notebooks/etc. despite these gifts i will try to remain unbiased.
This entry was posted in Group Policy, PowerShell and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s