diff --git a/scripts/ADDS/payload/scripts/11.GPO+GPP.Restrict Internet Communication.yml b/scripts/ADDS/payload/scripts/11.GPO+GPP.Restrict Internet Communication.yml
index 42fd715..2abc135 100644
--- a/scripts/ADDS/payload/scripts/11.GPO+GPP.Restrict Internet Communication.yml
+++ b/scripts/ADDS/payload/scripts/11.GPO+GPP.Restrict Internet Communication.yml
@@ -1,7 +1,7 @@
 Name: 'COMP: Restrict Internet Communication'
 Type: Object
 LinkedOUs:
-- OU=Servers
+- OU=Servers,OU=Computer accounts
 WMIFilters: []
 RegistryEntries:
 - Key: HKLM\Software\Policies\Microsoft\InternetManagement
diff --git a/scripts/ADDS/payload/scripts/11.GPO+GPP.ps1 b/scripts/ADDS/payload/scripts/11.GPO+GPP.ps1
index 0091435..274b63c 100644
--- a/scripts/ADDS/payload/scripts/11.GPO+GPP.ps1
+++ b/scripts/ADDS/payload/scripts/11.GPO+GPP.ps1
@@ -175,16 +175,22 @@ If (@('primary','standalone') -contains $Parameter['deployment.type']) {
 ForEach ($OU in $GroupPolicy.LinkedOUs) {
 If (Test-Path "AD:\$($OU + (',{0}' -f (Get-ADRootDSE).rootDomainNamingContext))") {
- Write-Host "Linking policy '$($NewGPO.DisplayName)' to OU '$($OU)' ..."
- $NewGPLinkSplat = @{
- Name = $NewGPO.DisplayName
- Target = $OU + (',{0}' -f (Get-ADRootDSE).rootDomainNamingContext)
-# ErrorAction = 'SilentlyContinue'
+ Try {
+ Write-Host "Linking policy '$($NewGPO.DisplayName)' to OU '$($OU)' ..."
+ $NewGPLinkSplat = @{
+ Name = $NewGPO.DisplayName
+ Target = $OU + (',{0}' -f (Get-ADRootDSE).rootDomainNamingContext)
+ }
+ New-GPLink @NewGPLinkSplat | Out-Null
+ }
+ Catch {
+ $ParseErrors += "Could not link GPO '$($NewGPO.DisplayName)' to OU '$($OU)'"
+ Continue
 }
- New-GPLink @NewGPLinkSplat | Out-Null
 }
 Else {
- Throw "Path not accessible: 'AD:\$($OU + (',{0}' -f (Get-ADRootDSE).rootDomainNamingContext))"
+ $ParseErrors += "Path not accessible (referred to by '$($NewGPO.DisplayName)'): 'AD:\$($OU + (',{0}' -f (Get-ADRootDSE).rootDomainNamingContext))'"
+ Continue
 }
 }
 }
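Review bot: The new `Try`/`Catch` around `New-GPLink` in the `11.GPO+GPP.ps1` hunk only fires on terminating errors, and `$NewGPLinkSplat` sets no `ErrorAction`, so unless `$ErrorActionPreference` is `Stop` somewhere outside this hunk a failed link may never reach the `Catch`; adding `ErrorAction = 'Stop'` to the splat would make the handler reliable. The `Catch` message also discards the underlying error, so appending `$($_.Exception.Message)` to the `$ParseErrors` entry would tell the operator why the link failed. Because the `Else` branch now records to `$ParseErrors` and continues where it used to `Throw`, a hardening policy such as 'COMP: Restrict Internet Communication' can be left unlinked while the run proceeds. The code that initialises and reports `$ParseErrors` is not visible here, so it is worth confirming that a non-empty list fails the deployment or is at least surfaced prominently at the end. The enclosing `If` and `ForEach` blocks start outside the hunk.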