7.1-Get-CSE.ps1

<#
    Engineering Active Directory by Evgenij Smirnov
    Chapter 7: Engineering Configuration
    Code 7.1:  List CSEs required by each GPO
#>

# the list below is pilfered from https://www.infrastructureheroes.org/microsoft-infrastructure/microsoft-windows/guid-list-of-group-policy-client-extensions/
# and updated with author's own knowledge
$cseMap = @{
    '{00000000-0000-0000-0000-000000000000}' = 'Core GPO Engine'
    '{0ACDD40C-75AC-47AB-BAA0-BF6DE7E7FE63}' = 'Wireless Group Policy'
    '{0E28E245-9368-4853-AD84-6DA3BA35BB75}' = 'Preference CSE GUID Environment Variables'
    '{0F6B957D-509E-11D1-A7CC-0000F87571E3}' = 'Tool Extension GUID (Computer Policy Settings)'
    '{0F6B957E-509E-11D1-A7CC-0000F87571E3}' = 'Tool Extension GUID (User Policy Settings) – Restrict Run'
    '{1612B55C-243C-48DD-A449-FFC097B19776}' = 'Preference Tool CSE GUID Data Sources'
    '{16BE69FA-4209-4250-88CB-716CF41954E0}' = 'Central Access Policy Configuration'
    '{17D89FEC-5C44-4972-B12D-241CAEF74509}' = 'Preference CSE GUID Local users and groups'
    '{1A6364EB-776B-4120-ADE1-B63A406A76B5}' = 'Preference CSE GUID Devices'
    '{1B767E9A-7BE4-4D35-85C1-2E174A7BA951}' = 'Preference Tool CSE GUID Devices'
    '{25537BA6-77A8-11D2-9B6C-0000F8080861}' = 'Folder Redirection'
    '{2EA1A81B-48E5-45E9-8BB7-A6E3AC170006}' = 'Preference Tool CSE GUID Drives'
    '{3060E8CE-7020-11D2-842D-00C04FA372D4}' = 'Remote Installation Services'
    '{346193F5-F2FD-4DBD-860C-B88843475FD3}' = 'ConfigMgr User State Management Extension'
    '{35141B6B-498A-4CC7-AD59-CEF93D89B2CE}' = 'Preference Tool CSE GUID Environment Variables'
    '{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' = 'Registry Settings'
    '{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}' = 'Microsoft Disk Quota'
    '{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}' = 'Preference CSE GUID Network Options'
    '{3BAE7E51-E3F4-41D0-853D-9BB9FD47605F}' = 'Preference Tool CSE GUID Files'
    '{3BFAE46A-7F3A-467B-8CEA-6AA34DC71F53}' = 'Preference Tool CSE GUID Folder Options'
    '{3EC4E9D3-714D-471F-88DC-4DD4471AAB47}' = 'Preference Tool CSE GUID Folders'
    '{40B6664F-4972-11D1-A7CA-0000F87571E3}' = 'Scripts (Startup/Shutdown)'
    '{40B66650-4972-11D1-A7CA-0000F87571E3}' = 'Scripts (Logon/Logoff) Run Restriction'
    '{426031C0-0B47-4852-B0CA-AC3D37BFCB39}' = 'QoS Packet Scheduler'
    '{42B5FAAE-6536-11D2-AE5A-0000F87571E3}' = 'ProcessScriptsGroupPolicy'
    '{47BA4403-1AA0-47F6-BDC5-298F96D1C2E3}' = 'Print Policy in PolicyMaker'
    '{4BCD6CDE-777B-48B6-9804-43568E23545D}' = 'Remote Desktop USB Redirection'
    '{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}' = 'Internet Explorer Zonemapping'
    '{4D968B55-CAC2-4FF5-983F-0A54603781A3}' = 'Work Folders'
    '{516FC620-5D34-4B08-8165-6A06B623EDEB}' = 'Preference Tool CSE GUID Ini Files'
    '{53D6AB1D-2488-11D1-A28C-00C04FB94F17}' = 'Certificates Run Restriction'
    '{5794DAFD-BE60-433F-88A2-1A31939AC01F}' = 'Preference CSE GUID Drives'
    '{5C935941-A954-4F7C-B507-885941ECE5C4}' = 'Preference Tool CSE GUID Internet Settings'
    '{6232C319-91AC-4931-9385-E70C2B099F0E}' = 'Group Policy Folders'
    '{6A4C88C6-C502-4F74-8F60-2CB23EDC24E2}' = 'Preference CSE GUID Network Shares'
    '{7150F9BF-48AD-4DA4-A49C-29EF4A8369BA}' = 'Preference CSE GUID Files'
    '{728EE579-943C-4519-9EF7-AB56765798ED}' = 'Preference CSE GUID Data Sources'
    '{74EE6C03-5363-4554-B161-627540339CAB}' = 'Preference CSE GUID Ini Files'
    '{7933F41E-56F8-41D6-A31C-4148A711EE93}' = 'Windows Search Group Policy Extension'
    '{79F92669-4224-476C-9C5C-6EFB4D87DF4A}' = 'Preference Tool CSE GUID Local users and groups'
    '{7B849A69-220F-451E-B3FE-2CB811AF94AE}' = 'Internet Explorer User Accelerators/PolicyMaker'
    '{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}' = 'Computer Restricted Groups'
    '{827D319E-6EAC-11D2-A4EA-00C04F79F83A}' = 'Security'
    '{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}' = 'Folder Redirection'
    '{8A28E2C5-8D06-49A4-A08C-632DAA493E17}' = 'Deployed Printer Connections'
    '{91FBB303-0CD5-4055-BF42-E512A681B325}' = 'Preference CSE GUID Services'
    '{942A8E4F-A261-11D1-A760-00C04FB9603F}' = 'Software Installation (Computers)'
    '{949FB894-E883-42C6-88C1-29169720E8CA}' = 'Preference Tool CSE GUID Network Options'
    '{9AD2BAFE-63B4-4883-A08C-C3C6196BCAFD}' = 'Preference Tool CSE GUID Power Options'
    '{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}' = 'Internet Explorer Branding'
    '{A3F3E39B-5D83-4940-B954-28315B82F0A8}' = 'Preference CSE GUID Folder Options'
    '{A8C42CEA-CDB8-4388-97F4-5831F933DA84}' = 'Preference Tool CSE GUID Printers'
    '{AADCED64-746C-4633-A97C-D61349046527}' = 'Preference CSE GUID Scheduled Tasks'
    '{D02B1F72-3407-48AE-BA88-E8213C6761F1}' = 'Windows LAPS Tool'
    '{B087BE9D-ED37-454F-AF9C-04291E351182}' = 'Preference CSE GUID Registry'
    '{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}' = 'EFS Recovery'
    '{B587E2B1-4D59-4E7E-AED9-22B9DF11D053}' = '802.3 Group Policy'
    '{B9CCA4DE-E2B9-4CBD-BF7D-11B6EBFBDDF7}' = 'Preference Tool CSE GUID Regional Options'
    '{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}' = 'Windows To Go Startup Options'
    '{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}' = 'Software Installation (Users) Run Restriction'
    '{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}' = 'Preference CSE GUID Printers'
    '{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}' = 'Preference Tool CSE GUID Registry'
    '{BFCBBEB0-9DF4-4C0C-A728-434EA66A0373}' = 'Preference Tool CSE GUID Network Shares'
    '{C34B2751-1CF4-44F5-9262-C3FC39666591}' = 'Windows To Go Hibernate Options'
    '{C418DD9D-0D14-4EFB-8FBF-CFE535C8FAC7}' = 'Preference CSE GUID Shortcuts'
    '{C631DF4C-088F-4156-B058-4375F0853CD8}' = 'Microsoft Offline Files'
    '{C6DC5466-785A-11D2-84D0-00C04FB169F7}' = 'Software Installation (appmgmts.dll)'
    '{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}' = 'Preference Tool CSE GUID Scheduled Tasks'
    '{CC5746A9-9B74-4BE5-AE2E-64379C86E0E4}' = 'Preference Tool CSE GUID Services'
    '{CDEAFC3D-948D-49DD-AB12-E578BA4AF7AA}' = 'TCP/IP'
    '{CEFFA6E2-E3BD-421B-852C-6F6A79A59BC1}' = 'Preference Tool CSE GUID Shortcuts'
    '{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}' = 'Internet Explorer Machine Accelerators'
    '{CF848D48-888D-4F45-B530-6A201E62A605}' = 'Preference Tool CSE GUID Start Menu'
    '{D02B1F73-3407-48AE-BA88-E8213C6761F1}' = 'Tool Extension GUID (User Policy Settings)'
    '{D76B9641-3288-4F75-942D-087DE603E3EA}' = 'AdmPwd (Microsoft LAPS)'
    '{E437BC1C-AA7D-11D2-A382-00C04F991E27}' = 'IP Security'
    '{E47248BA-94CC-49C4-BBB5-9EB7F05183D0}' = 'Preference CSE GUID Internet Settings'
    '{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}' = 'Preference CSE GUID Start Menu'
    '{E5094040-C46C-4115-B030-04FB2E545B00}' = 'Preference CSE GUID Regional Options'
    '{E62688F0-25FD-4C90-BFF5-F508B9D2E31F}' = 'Preference CSE GUID Power Options'
    '{F0DB2806-FD46-45B7-81BD-AA3744B32765}' = 'Policy Maker'
    '{F17E8B5B-78F2-49A6-8933-7B767EDA5B41}' = 'Policy Maker'
    '{F27A6DA8-D22B-4179-A042-3D715F9E75B5}' = 'Policy Maker'
    '{F312195E-3D9D-447A-A3F5-08DFFA24735E}' = 'VirtualizationBasedSecurity GPO (DeviceGuard / CredentialGuard)'
    '{F3CCC681-B74C-4060-9F26-CD84525DCA2A}' = 'Audit Policy Configuration'
    '{F581DAE7-8064-444A-AEB3-1875662A61CE}' = 'Policy Maker'
    '{F648C781-42C9-4ED4-BB24-AEB8853701D0}' = 'Policy Maker'
    '{F6E72D5A-6ED3-43D9-9710-4440455F6934}' = 'Policy Maker'
    '{F9C77450-3A41-477E-9310-9ACD617BD9E3}' = 'Group Policy Applications'
    '{FB2CA36D-0B40-4307-821B-A13B252DE56C}' = 'Enterprise QoS'
    '{FBF687E6-F063-4D9F-9F4F-FD9A26ACDD5F}' = 'CP (gptext.dll)'
    '{FC715823-C5FB-11D1-9EEF-00A0C90347FF}' = 'Internet Explorer Maintenance Extension protocol'
    '{FD2D917B-6519-4BF7-8403-456C0C64312F}' = 'Policy Maker'
    '{FFC64763-70D2-45BC-8DEE-7ACAF1BA7F89}' = 'Policy Maker'
}
$rootDSE = New-Object System.DirectoryServices.DirectoryEntry('LDAP://rootDSE')
$filter = '(objectClass=groupPolicyContainer)'
$dSearcher = New-Object System.DirectoryServices.DirectorySearcher
$dSearcher.SearchRoot = 'LDAP://{0}' -f $rootDSE.defaultNamingContext[0]
$dSearcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
$null = $dSearcher.PropertiesToLoad.Add('name')
$null = $dSearcher.PropertiesToLoad.Add('displayName')
$null = $dSearcher.PropertiesToLoad.Add('gPCMachineExtensionNames')
$null = $dSearcher.PropertiesToLoad.Add('gPCUserExtensionNames')
$dSearcher.Filter = $filter
$gpoSR = $dSearcher.FindAll()
$regex = [regex]"(\[(\{[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}\})(\{[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}\})?\])"
foreach ($gpo in $gpoSR) {
    $mCSEs = $regex.Matches($gpo.Properties['gPCMachineExtensionNames'][0]).Groups.Where({$_.Name -eq '2'}).Value
    $uCSEs = $regex.Matches($gpo.Properties['gPCUserExtensionNames'][0]).Groups.Where({$_.Name -eq '2'}).Value
    $res = [PSCustomObject]@{
        'Id' = $gpo.Properties['name'][0]
        'DisplayName' = $gpo.Properties['displayName'][0]
        'MachineCSE' = @()
        'UserCSE' = @()
    }
    foreach ($id in $mCSEs) {
        $cse = [PSCustomObject]@{
            'Guid' = $id
            'Name' = 'unknown'
         }
         if ($cseMap.ContainsKey($id)) {
            $cse.Name = $cseMap[$id]
         }
         $res.MachineCSE += $cse
    }
    foreach ($id in $uCSEs) {
        $cse = [PSCustomObject]@{
            'Guid' = $id
            'Name' = 'unknown'
         }
         if ($cseMap.ContainsKey($id)) {
            $cse.Name = $cseMap[$id]
         }
         $res.UserCSE += $cse
    }
    $res
}