Share via

PowerShell - Group Policy Preferences - Item Level Targeting

  • Article

Question

Friday, June 7, 2019 8:57 AM

Hi All,

This is my first post on the forum so I hope I'm in the right place and am giving the correct information, feel free to redirect me or ask for more information as required.

So I have butchered some scripts I have used before to be able to create group policy preference mapped drives and printers.

Mapped Drives Ref:

https://sdmsoftware.com/group-policy-blog/cool-new-group-policy-software-products/automating-group-policy-preferences-drive-mapping-with-powershell-vide/

Printers Ref:

https://janegilring.wordpress.com/2010/01/18/automate-group-policy-preferences-printer-management-using-windows-powershell-2/

Scenario:

So the script to create the mapped drives with item level targeting works as required, creates all the drives and sets the appropriate ILT groups etc.

The script to create printer preferences also works great after I changed it from a psm1 to a ps1 and changed it about to run in the same fashion as the mapped drives script.

What I am trying to do is add the ILT (Item level targeting) function to the printer script to save me manually adding 100s of ILT settings to 100s of printers. I believe its almost there but I am getting an error during the ILT process and my understanding of PowerShell is limiting my ability to resolve the issue (spent a few days trying to get this to work now but no luck so far).

The error I get is below:

You cannot call a method on a null-valued expression.
At C:\PowerShell - Create Printers via GPP with ILT.ps1:23 char:5
+     $map.put("Item-level targeting", $iilt)
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull
 
You cannot call a method on a null-valued expression.
At C:\PowerShell - Create Printers via GPP with ILT.ps1:24 char:5
+     $map.save()
+     ~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull
 

I cant understand how in one script that value is not null but in the other it is when I am doing the same thing. If anyone thinks they can help me get to where I want to be that would be appreciated, any assistance will be greatly appreciated.

Copies of the scripts are below:

Best Wishes,

Dan

function MapDrives
{
    param ([string]$DriveLetter,[string]$Share,[string]$Domain,[string]$GroupName)
    "Writing Drive Mapping: $DriveLetter"
    $gpo = get-sdmGPObject "gpo://workspace.com/Drive Mapping Policy" -openbyname
    $drives = $gpo.GetObject("User Configuration/Preferences/Windows Settings/Drive Maps");
    $map = $drives.Settings.AddNew($DriveLetter)
    $map.Put("Action", [GPOSDK.EAction] "Create")
    $map.Put("Drive Letter", $DriveLetter)
    $map.Put("Location", $Share)
    $map.Put("Reconnect", $true);
    $map.Put("Label as", $DriveLetter);
    # now do ILT
    $objUser = New-Object System.Security.Principal.NTAccount ($Domain, $GroupName)
    $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
    $iilt = $GPO.CreateILTargetingList()
    $itm = $iilt.CreateIILTargeting([GPOSDK.Providers.ILTargetingType] "FilterGroup")
    $itm.put("Group”, $groupName)
    $itm.put("UserInGroup", $true)
    $itm.put("SID", $strSID.value)
    $iilt.Add($itm)
    # now add ILT to drive mapping and save the setting
    $map.put("Item-level targeting", $iilt)
    $map.save()
}
    $DriveInfo = Import-Csv -Path "C:\GPP Mapped Drives Import File.csv"
    foreach ($drive in $driveInfo)
{
    MapDrives -Driveletter $drive.DriveLetter -Share $drive.Share -Domain $drive.Domain -GroupName $drive.GroupName
}

function Add-GPPreferencesPrinter 
{ 
    param ([string]$GPOName,[string]$Printername,[string]$Sharepath,[string]$Action,[string]$GroupName,[string]$Domain) 
 
    $gpo = Get-SDMgpobject -gpoName "gpo://contoso.com/PrinterPolicy" -openByName 
    $container = $gpo.GetObject("User Configuration/Preferences/Control Panel Settings/Printers/Shared printer") 
    $add = $container.Settings.AddNew("$Printername") 
    $add.put("Action",[GPOSDK.EAction]$Action) 
    $add.put("Share path",$Sharepath) 
    $add.put("Default",$Default) 
    $add.put("Default if no local printers",$DefaulIfNoLocalPrinters) 
    $add.Save() 
    # now do ILT
    $objUser = New-Object System.Security.Principal.NTAccount ($Domain, $GroupName)
    $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
    $iilt = $GPO.CreateILTargetingList()
    $itm = $iilt.CreateIILTargeting([GPOSDK.Providers.ILTargetingType] "FilterGroup")
    $itm.put("Group”, $GroupName)
    $itm.put("UserInGroup", $true)
    $itm.put("SID", $strSID.value)
    $iilt.Add($itm)
    # now add ILT to drive mapping and save the setting
    $map.put("Item-level targeting", $iilt)
    $map.save()
} 
    $PrinterInfo = Import-Csv -Path "C:\GPP Printers Import File with ILT.csv"
    foreach ($Printer in $PrinterInfo)
{
    Add-GPPreferencesPrinter -GPOName $Printer.GPOName -Printername $Printer.Printername -Sharepath $Printer.Sharepath -Action $Printer.Action -Domain $Printer.Domain -GroupName $Printer.GroupName
}

Example CSV format for the mapped drives script:

DriveLetter Share   Domain  GroupName
S  \\localhost\share1 contoso.com TestGroup1

Example CSV format for the printers script:

Printername Sharepath  Action Domain  GroupName
Test01  localhost\Printer1 Update Contoso.com TestGroup1

All replies (3)

Monday, June 10, 2019 6:40 AM ✅Answered

Hi,

Thanks for your question.

In your printer script, you don't have $map variable, so you will get the null null-valued expression error.

Please try to change it to $add.

function Add-GPPreferencesPrinter 
{ 
    param ([string]$GPOName,[string]$Printername,[string]$Sharepath,[string]$Action,[string]$GroupName,[string]$Domain) 
 
    $gpo = Get-SDMgpobject -gpoName "gpo://contoso.com/PrinterPolicy" -openByName 
    $container = $gpo.GetObject("User Configuration/Preferences/Control Panel Settings/Printers/Shared printer") 
    $add = $container.Settings.AddNew("$Printername") 
    $add.put("Action",[GPOSDK.EAction]$Action) 
    $add.put("Share path",$Sharepath) 
    $add.put("Default",$Default) 
    $add.put("Default if no local printers",$DefaulIfNoLocalPrinters) 
    $add.Save() 
    # now do ILT
    $objUser = New-Object System.Security.Principal.NTAccount ($Domain, $GroupName)
    $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
    $iilt = $GPO.CreateILTargetingList()
    $itm = $iilt.CreateIILTargeting([GPOSDK.Providers.ILTargetingType] "FilterGroup")
    $itm.put("Group”, $GroupName)
    $itm.put("UserInGroup", $true)
    $itm.put("SID", $strSID.value)
    $iilt.Add($itm)
    # now add ILT to drive mapping and save the setting
    $add.put("Item-level targeting", $iilt)
    $add.save()
} 
    $PrinterInfo = Import-Csv -Path "C:\GPP Printers Import File with ILT.csv"
    foreach ($Printer in $PrinterInfo)
{
    Add-GPPreferencesPrinter -GPOName $Printer.GPOName -Printername $Printer.Printername -Sharepath $Printer.Sharepath -Action $Printer.Action -Domain $Printer.Domain -GroupName $Printer.GroupName
}

Best regards,

Lee

Just do it.

Wednesday, June 12, 2019 9:44 AM

Perfect Lee, that's the one! Sometimes it just pays to ask someone else to look and point out what I was failing to notice :-)

Really appreciate your time, marked your reply as the answer.

All the best.

Wednesday, June 12, 2019 9:48 AM

You're welcome. I am very happy that my reply has solved your problem.

Just do it.