pwsh..GPO Perms

Building a report

Don’t forget you need the GroupPolicy module installed. That will come from RSAT.

set a variable to capture all GPO info

$GPOs = Get-GPO -All

Use this to get the access rights

$ACLs = Get-GPPermission -Guid $GPO.Id -All

Script from Easy365Manager – another most excellent site

# Set up output file
$File = "GPO_Delegation.txt"
"Name;GUID;ID;Rights;Type;Owner" | Out-File $File
# Import GPO module
Import-Module GroupPolicy
# Get all GPO's in the domain
$GPOs = Get-GPO -All
$Result = @()
ForEach($GPO In $GPOs){
    # Get ACL of GPO
    $ACLs = Get-GPPermission -Guid $GPO.Id -All
    ForEach($ACL in $ACLs){
        # Objectify the result for easier handling
        $Properties = @{
            ACL = $ACL
            GPO = $GPO
        }
        $Result += New-Object psobject -Property $Properties
    }
}
ForEach ($Item In $Result){
    $Output = $Item.GPO.DisplayName + ";" + $Item.GPO.Id + ";" + $Item.ACL.Trustee.Name + ";" + $Item.ACL.Permission + ";" + $Item.ACL.Trustee.SidType + ";" + $Item.GPO.Owner
    $Output | Out-File $File -Append
    Write-Host $Output
}