This PowerShell script will check the registry for the last time the Group Policy ran, calculate the current date and compare to a set value (30 Days). It will the result is greater than the set value it will return $true or $false.

# Get StartTimeHi Int32 value
$startTimeHi = (Get-ItemProperty -Path "Registry::HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}").startTimeHi
# Get StartTimeLo Int32 value
$startTimeLo = (Get-ItemProperty -Path "Registry::HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}").startTimeLo
# Convert from FileTime
$gpDateTime = [datetime]::FromFileTime(([Int64] $startTimeHi -shl 32) -bor $startTimeLo)
$lastModifiedDate = (Get-Item "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol").LastWriteTime

if (($gpDateTime -lt (Get-Date).AddDays(-30)) -or ($lastModifiedDate -lt (Get-Date).AddDays(-30))) {Return $true} else {$false}

One Reply to “Check if Group Policy is Out of Date with PowerShell”

Matthew

2021-05-27 at 11:31

Perfect – just what I needed. Thanks for sharing

Reply

Leave a comment Cancel reply

Notify me of follow-up comments by email.

Notify me of new posts by email.

Δ

This site uses Akismet to reduce spam. Learn how your comment data is processed.