<# .Synopsis Clears GPO Cache on remote computer .DESCRIPTION This function clears the GPO Cache on a remote computer by creating Scheduled Task to remove, using System user context .PARAMETER COMPUTERS A single computer name or array of computer names .EXAMPLE Clear-GPOCache PC1 Clears the GPO cache on PC1 .EXAMPLE "PC1","PC2" |Clear-GPOCache Clears the GPO cache on PC1 and PC2 .NOTES Alan Kaplan 5/22/2017 7/11/2017 Added test for temp dir, ch #> function Clear-GPOCache { [CmdletBinding( SupportsShouldProcess=$true) ] Param ( # Single Computer name or an array [Parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Position=0)] $Computers ) Begin { $batchFileLocal = "c:\temp\ClearGPO.cmd" $batchTxt = @" @echo off REM This c: DEL /S /F /Q "%ALLUSERSPROFILE%\Application Data\Microsoft\Group Policy\History\*.*" REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies /f [HKUDeletes] esentutl /r edb /l %windir%\security /s %windir%\security klist purge gpupdate /force echo GPO cache cleared by $env:USERDOMAIN\$env:USERNAME at %date% %time% >> c:\GPOCacheClearedLog.txt del $batchFileLocal "@ } #End Begin Process { Foreach ($Computer in $Computers) { if ($pscmdlet.ShouldProcess($computer) ){ $bTest = $False}Else{$bTest = $true} Write-Verbose "Pinging $computer" if ( ((Test-Connection -Count 1 -Computer $computer -Quiet) -eq $False) -and ($Computer -notlike $env:COMPUTERNAME) ) { [PSCustomObject]@{ Computer = $Computer Result = "Offline" } Continue } ELSE { try{ Write-Verbose "Getting local time from $computer" $WMITime = Get-WMIObject -ComputerName $computer Win32_Localtime -Property Hour, Minute -ErrorAction Stop $t= [datetime]::Parse($($WMITime).Hour.ToString() + ':'+ $($WMITime).Minute.ToString()) $t = $t.AddMinutes(3).GetDateTimeFormats()[109] Write-Verbose "Getting local user SIDS from $computer" $SidList = Get-WmiObject -ComputerName $computer -query "SELECT SID FROM Win32_UserProfile where special = 'False'" $DelList = '' foreach ($sid in $SidList.Sid){ $DelList += "REG DELETE HKU\$sid\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies /f`n" } if ((test-path "\\$computer\c$\temp") -eq $false ){new-item -path "\\$computer\c$\temp" -ItemType Directory} $batchText = $batchTxt.Replace('[HKUDeletes]',$DelList) $batchFileUNC = "\\$computer\c$\temp\ClearGPO.cmd" Set-content -Value $batchText -Path $batchFileUNC -Force -Whatif:$bTest $cmd = "Schtasks /Create /s $computer /st $t /tr $batchFileLocal /RU System /TN ClearGPOCache /sc ONCE /f /v1 /z" Write-Verbose "Running Clear GPO Cache as scheduled job on $computer starting at $t with command`:`n`"$cmd`"" if ($bTest){ #Do nothing Write "What if: Performing the operation `"Create Scheduled Task`" on target `"$computer`"" $testMsg = ' (Test Mode)' }ELSE{ Invoke-Expression $cmd #Note in event log write-eventlog -computername $Computer -logname Application -Source 'Windows PowerShell' -eventID 9001 -message "Clear GPO Cache run by $env:UserDomain`\$env:username from $env:computername" } [PSCustomObject]@{ Computer = $Computer Result = "Success" + $testMsg } } Catch { $errmsg = $Error[0].exception.message + $testMsg [PSCustomObject]@{ Computer = $Computer Result = "Error: $errmsg" } Continue } } } } #End Process End { } #End End } #End Function