Listing 2: GetGPOPerms.vbs

BEGIN COMMENT
' Create the GPM and GPMConstants objects, then connect to the domain.
END COMMENT
Set GPMC = CreateObject("GPMgmt.GPM")
Set Constants = GPMC.GetConstants()
‘ BEGIN CALLOUT A
Set GPMCDomain = GPMC.GetDomain("mycompany.net", "", Constants.UseAnyDC)
‘ END CALLOUT A

‘ BEGIN CALLOUT B
BEGIN COMMENT
' Create an object for the GPO for which you want to list the permissions.
END COMMENT
Set MyGPO = GPMCDomain.GetGPO("{31B2F340-016D-11D2-945F-00C04FB984F9}")

BEGIN COMMENT
' Get the permissions.
END COMMENT
Set GPOSec = MyGPO.GetSecurityInfo()
‘ END CALLOUT B

For indx=1 to GPOSec.Count
BEGIN COMMENT
	' Set the ACE to the Ace variable.
END COMMENT
	Set Ace = GPOSec.Item(indx)
BEGIN COMMENT
	' Find out the username or group name for the ACE.
END COMMENT
	Set UsrorGrp= Ace.Trustee
	PrincipalName=UsrorGrp.TrusteeName
‘ BEGIN CALLOUT C
BEGIN COMMENT
	' Find out which permission the user or group has.
END COMMENT
	Select Case Ace.Permission
		Case Constants.permGPOApply
			Perm="Read and Apply Group Policy"
		Case Constants.permGPOEdit
			Perm="Edit Group Policy"
		Case Constants.permGPOEditSecurityAndDelete
			Perm="Edit Group Policy, Modify Security and Delete Group Policy"
		Case Constants.permGPORead
			Perm="Read Group Policy"
		Case Constants.permGPOCustom
			Perm="Custom Permission"
	End Select
‘ END CALLOUT C
	WScript.Echo "The User or Group: " & PrincipalName & _
		" has the following permission: " & Perm
Next