#Alan dot  Kaplan at va dot gov
#Does Remote RSOP using WMI for user names
#9/13/2016

#Requires -Version 3
#Requires -module GroupPolicy


Add-Type -assemblyname Microsoft.visualBasic
$Computer = [Microsoft.VisualBasic.Interaction]::InputBox("Enter FQDN computername for RSOP", "FQDN of computer", "$env:Computername.$env:userDNSDomain") 

if ((Test-Connection $Computer -Quiet -count 2) -eq $false){
    Write-Warning "Unable to ping $Computer"
    Exit
}

#Logfile on desktop with name of computer
$logfile = "$env:userprofile\desktop\$Computer.html" 

#Get list of domain network user with profile on system
$user = Get-WmiObject Win32_UserProfile -filter "not SID like '%-500' and Special = False" -ComputerName $Computer  | 
foreach {
    $SID = $_.SID.ToString()
    $IDRef= ([adsi]"LDAP://<SID=$SID>") 
    [PSCustomObject]@{
    Name =  $IDRef.name.Value
    SamAccountName =  $IDRef.SamAccountname.Value
    Description =  $IDRef.Description.Value
    DistinguishedName =  $IDRef.Distinguishedname.Value
    }
} |  
where {-NOT ([string]::IsNullOrEmpty($_.SamAccountName))} | sort Name |
Out-GridView -PassThru -Title "Select a user, or press Cancel for  computer only logging mode"


try{
    Get-GPResultantSetOfPolicy -ReportType Html -Computer $computer -path $logfile -User $user.samAccountName -erroraction Stop
    ii $logfile
}Catch{
    Write-warning $error[0].Exception.Message
}