Actually how to find computers on which GPO does not work?
there are more than 500PCs on the network and noticed that GPO does not work on one, the script did not work.
The question is how to identify all the computers on which the"bad" GPO does not work?
the problem is that some people are always on vacation, and some part of the computers is turned off.
it would be possible with a simple script so that the computer writes to the log its name that the script applied and matches the lists, but it doesn’t get due to vacationers.
go to each hand and check is not an option.
  • Configure GPO so that when you start somewhere in a file on a network drive, write the name of the computer(one-time), whose computers will not be there, and people are not on vacation - politics does not work there. – Nutty47 Oct 24 '19 at 10:56
  • Nutty47, not an option.there are a lot of computers.and then look who is on vacation and who is not ..
    you need to look at the logs for errors in an extreme case.
    – Fruity53 Oct 24 '19 at 11:47
  • chances are that some just dropped out of the domain at the initiative of the users themselves – Tender Termite Oct 24 '19 at 15:02
  • Tender Termite, what does it mean on the initiative of the users themselves?) – Fruity53 Oct 28 '19 at 07:44
  • Fruity53, the user himself left the domain and works from a local user, how can this be understood otherwise? – Tender Termite Oct 28 '19 at 09:27

1 Answers 1

I solved this problem in the following way.
1.Configured GLPI Inventory through FusionInventory.
2.Through the GPO, I configured the script to install the FusionInventory agent.
3.Set up automatic network scanning through Zenmap(any network scanner will do.)
A couple of weeks later, when the GLPI inventory was over, I compared the results of GLPI inventories and the results of Zenmap.The difference between these results is the computers with a broken GPO
A bonus is already an inventory network;)