Sök igenom alla GPO:er efter de som sätter "Log on as a service" men missar att lägga till standardposten NT SERVICE\ALL SERVICES.

NT Service\All Services skall finnas med på alla system för att vissa funktioner skall fungera.

 

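# Audit script: list the GPOs that define "Log on as a service"
# (SeServiceLogonRight) without including NT SERVICE\ALL SERVICES.
# Needs the GroupPolicy and ActiveDirectory modules and read access to SYSVOL.

# Define the file path to save the results (the content is CSV despite the .txt extension)
$CSVFilePath = "C:\UserPath\GPO_Result.txt"

# Well-known SID of NT SERVICE\ALL SERVICES
$AllServicesSid = "S-1-5-80-0"

# DNS name of the current domain. Get-GPO -All lists the GPOs of this domain and
# their files live under this domain's SYSVOL share; the forest name only equals
# the domain name in the forest root domain, so it must not be used for the path.
$DomainDnsRoot = Get-ADDomain | Select-Object -ExpandProperty DNSRoot

# Get all GPOs in the Active Directory domain
$GPOs = Get-GPO -All

# Collect the GPOs that set SeServiceLogonRight without the ALL SERVICES SID.
# @() keeps the result an array even when zero or one GPO is found.
$FilteredGPOs = @(foreach ($GPO in $GPOs)
{
    Write-Host "Checking: " $GPO.DisplayName

    # Look the report up by GUID: GPO display names are not guaranteed to be unique
    $GPOSettings = Get-GPOReport -Guid $GPO.Id -ReportType Xml | Select-String "SeServiceLogonRight"

    # GPO does not configure "Log on as a service" at all
    if ($null -eq $GPOSettings) { continue }

    # Read the security template from SYSVOL to see which principals hold the right
    $TemplatePath = "\\$DomainDnsRoot\SYSVOL\$DomainDnsRoot\Policies\{$($GPO.Id)}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf"
    try
    {
        $TemplateLines = Get-Content -LiteralPath $TemplatePath -ErrorAction Stop
    }
    catch
    {
        # An unreadable template is "unknown", not "missing": warn instead of
        # reporting a false finding, so the operator can re-check this GPO.
        Write-Warning "Could not read $TemplatePath for '$($GPO.DisplayName)': $($_.Exception.Message)"
        continue
    }

    $HasAllServices = $false
    foreach ($Match in ($TemplateLines | Select-String "SeServiceLogonRight"))
    {
        # Line format: SeServiceLogonRight = *S-1-5-..,*S-1-5-..,AccountName
        # Compare whole entries so a longer SID that merely starts with the
        # same digits is not accepted as a match.
        $Entries = ($Match.Line -split '=', 2)[1] -split ',' |
            ForEach-Object { $_.Trim().TrimStart('*') }
        if ($Entries -contains $AllServicesSid)
        {
            $HasAllServices = $true
        }
    }

    # NOTE(review): only the SID form is recognised, as before. If a template
    # lists the account by name instead of SID it is reported as missing - confirm
    # such findings manually.
    if (-not $HasAllServices)
    {
        Write-Host "Missing NT Services\All Services " $GPO.DisplayName -ForegroundColor Red
        # Emit the GPO so it ends up in the filtered GPOs array
        $GPO
    }
})

# Export the filtered GPOs to a CSV file
$FilteredGPOs | Select-Object DisplayName, Id | Export-Csv -Path $CSVFilePath -NoTypeInformation

# Display a confirmation message
Write-Host "Filtered GPOs have been exported to $CSVFilePath"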