-
Notifications
You must be signed in to change notification settings - Fork 0
/
GPOs_Add_Permissions.ps1
35 lines (24 loc) · 1.07 KB
/
GPOs_Add_Permissions.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<#
Script: GPOs_Add_Permissions.ps1
Author: Taylor McDougall and Dean Bunn
Last Edited: 2022-02-25
#>
#Import Group Policy Module
Import-Module GroupPolicy;
#Var for Domain and Name of Admin Group to Grant Permissions
[string]$grantedAdminGroup = "AD3\COE-Admins";
#Var for GPO Domain FQDN
[string]$dmnGPOFDQN = "ou.ad3.ucdavis.edu";
#Check for GPO Report File
$csvGPOs = Import-Csv -Path .\Report-GPOs.csv;
foreach($csvGPO in $csvGPOs)
{
#Only Grant Rights to GPOs the Old Group had Full Rights On
if([string]::IsNullOrEmpty($csvGPO.Id) -eq $false -and [string]::IsNullOrEmpty($csvGPO.PermissionLevel) -eq $false -and $csvGPO.PermissionLevel -eq "GpoEditDeleteModifySecurity")
{
#Convert String to Guid
$guidGPOID = [Guid]$csvGPO.Id;
#Add Full Permissions to GPO for Admin Group
Set-GPPermission -Guid $guidGPOID -TargetName $grantedAdminGroup -TargetType Group -Server $dmnGPOFDQN -DomainName $dmnGPOFDQN -PermissionLevel GpoEditDeleteModifySecurity;
}#End of Permission Level Check for Old Group
}#End of $csvGPOs Foreach