Configure GPO item level targeting in PowerShell instead of GUI

howbs2002 116 Reputation points
2023-04-14T22:45:59.4+00:00

Is there a way to add multiple computers to the "Item Level Targeting" section of a GPO using PowerShell, instead of doing each one manually in the GUI?
For example, I have a GPO that edits registry entries. I have five separate reg changes listed in the policy and I want to add a different list of computer names to the Item Level Targeting section of each entry in the GPO, using the OR variable for each hostname.
I have a script I am working with but it returns errors (I have removed reg entry and actual hostnames from script).


Import-Module GroupPolicy

$GPOName = "YourGPOName"
$RegistryKeys = @{
    "Key1" = "HKLM:\Software\YourCompany\YourProduct\Key1"
    "Key2" = "HKLM:\Software\YourCompany\YourProduct\Key2"
    "Key3" = "HKLM:\Software\YourCompany\YourProduct\Key3"
    "Key4" = "HKLM:\Software\YourCompany\YourProduct\Key4"
    "Key5" = "HKLM:\Software\YourCompany\YourProduct\Key5"
}
$ComputerLists = @{
    "Key1" = @("Computer1", "Computer2", "Computer3")
    "Key2" = @("Computer4", "Computer5", "Computer6")
    "Key3" = @("Computer1", "Computer3", "Computer5")
    "Key4" = @("Computer2", "Computer4", "Computer6")
    "Key5" = @("Computer1", "Computer6")
}

foreach ($RegistryKey in $RegistryKeys.Values) {
    foreach ($ComputerList in $ComputerLists[$RegistryKeys.Keys[$RegistryKeys.Values.IndexOf($RegistryKey)]]) {
        $Target = New-GPItemLevelTargetingComputerItem -ComputerName $ComputerList -LogicalOperator Or
        Add-GPItemLevelTargetingEntry -Name $GPOName -Target $Target -ItemLevelTarget "Registry" -RegistryKey $RegistryKey
    }
}

Thank you,


Answer accepted by question author
  1. Boris Von Dahle 3,221 Reputation points
    2023-04-14T23:46:28.43+00:00

    Hi,

    This is a way to do it:

    Import-Module GroupPolicy
    
    $GPOName = "YourGPOName"
    $GPO = Get-GPO -Name $GPOName
    
    # Define the lists of computers for each registry entry
    $RegistryEntry1Computers = @("Computer1", "Computer2", "Computer3")
    $RegistryEntry2Computers = @("Computer4", "Computer5", "Computer6")
    # Add more lists for the other registry entries as needed
    
    # Function to create an item-level targeting collection with OR logic for a list of computer names
    function New-ComputerTargetingCollection ($ComputerList) {
        $TargetingCollection = New-GPItemLevelTargetingCollection -Condition OR
    
        foreach ($Computer in $ComputerList) {
            $ComputerTargeting = New-GPItemLevelTargeting -HostName -IsEQ -Name $Computer
            $TargetingCollection.Add($ComputerTargeting)
        }
    
        return $TargetingCollection
    }
    
    # Create the item-level targeting collections for the registry entries
    $RegistryEntry1Targeting = New-ComputerTargetingCollection -ComputerList $RegistryEntry1Computers
    $RegistryEntry2Targeting = New-ComputerTargetingCollection -ComputerList $RegistryEntry2Computers
    # Add more targeting collections for the other registry entries as needed
    
    # Function to apply the item-level targeting collection to the registry entry within the GPO
    function Set-GPRegistryItemLevelTargeting ($GPO, $RegistryKeyPath, $TargetingCollection) {
        $RegistryEntry = Get-GPRegistryValue -Guid $GPO.Id -Key $RegistryKeyPath
        if ($RegistryEntry -ne $null) {
            $RegistryEntry.ItemLevelTargeting = $TargetingCollection
            Set-GPRegistryValue -Guid $GPO.Id -RegistryValue $RegistryEntry -TargetingCollection $TargetingCollection
        }
    }
    
    # Apply the item-level targeting collections to the respective registry entries within the GPO
    $RegistryKeyPath1 = "HKEY_LOCAL_MACHINE\Software\Example\RegEntry1"
    $RegistryKeyPath2 = "HKEY_LOCAL_MACHINE\Software\Example\RegEntry2"
    # Add more registry key paths for the other registry entries as needed
    
    Set-GPRegistryItemLevelTargeting -GPO $GPO -RegistryKeyPath $RegistryKeyPath1 -TargetingCollection $RegistryEntry1Targeting
    Set-GPRegistryItemLevelTargeting -GPO $GPO -RegistryKeyPath $RegistryKeyPath2 -TargetingCollection $RegistryEntry2Targeting
    # Add more calls to Set-GPRegistryItemLevelTargeting for the other registry entries as needed
    
    
    
    1 person found this answer helpful.
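An alternative route, added here as an example and not part of either post above: item-level targeting for Group Policy Preferences registry items is stored as a `<Filters>` element in the GPO's `Registry.xml` under SYSVOL, so it can be written with the standard XML API. Assumptions: the registry items already exist as computer-side preference items, the hashtable keys match each item's `key` attribute (path without the hive), `$BackupDir` is an existing folder, and the `FilterComputer` attribute values mirror what the GPMC editor writes (compare against one item configured in the GUI before relying on them).

```powershell
# Added example: OR-joined computer-name targeting on GPP registry items,
# written into Registry.xml. Key paths and hostnames are placeholders.
Import-Module GroupPolicy

$GPOName   = "YourGPOName"
$BackupDir = "C:\GPOBackups"   # assumed to exist
$ComputerLists = @{
    "Software\YourCompany\YourProduct\Key1" = @("Computer1", "Computer2", "Computer3")
    "Software\YourCompany\YourProduct\Key2" = @("Computer4", "Computer5", "Computer6")
}

$GPO     = Get-GPO -Name $GPOName
$Domain  = $GPO.DomainName
$XmlPath = "\\$Domain\SYSVOL\$Domain\Policies\{$($GPO.Id)}" +
           "\Machine\Preferences\Registry\Registry.xml"

# Keep a restorable copy before editing anything in SYSVOL
Backup-GPO -Guid $GPO.Id -Path $BackupDir | Out-Null

$Doc = New-Object System.Xml.XmlDocument
$Doc.Load($XmlPath)

foreach ($Item in $Doc.SelectNodes("//Registry[Properties]")) {
    $Key = $Item.SelectSingleNode("Properties").GetAttribute("key")
    if (-not $ComputerLists.ContainsKey($Key)) { continue }

    # Replace any targeting already present on this item
    $Old = $Item.SelectSingleNode("Filters")
    if ($Old) { [void]$Item.RemoveChild($Old) }

    $Filters = $Doc.CreateElement("Filters")
    $First   = $true
    foreach ($Computer in $ComputerLists[$Key]) {
        $Filter = $Doc.CreateElement("FilterComputer")
        # The first filter's operator is not evaluated; later ones are OR-joined
        $Filter.SetAttribute("bool", $(if ($First) { "AND" } else { "OR" }))
        $Filter.SetAttribute("not",  "0")
        $Filter.SetAttribute("type", "NETBIOS")
        $Filter.SetAttribute("name", $Computer)
        [void]$Filters.AppendChild($Filter)
        $First = $false
    }
    [void]$Item.AppendChild($Filters)
}

$Doc.Save($XmlPath)
```

Editing the file directly does not increment the GPO version, so clients may not reprocess the items until the version changes. Open the GPO in the GPMC editor afterwards to confirm that the targeting appears as intended.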

1 additional answer

  1. howbs2002 116 Reputation points
    2023-04-14T23:29:14.55+00:00

    This is the error I get:

    Index operation failed; the array index evaluated to null.
    At line:2 char:31
    + ... uterList in $ComputerLists[$RegistryKeys.Keys[$RegistryKeys.Values.In ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : NullArrayIndex
     
    Index operation failed; the array index evaluated to null.
    At line:2 char:31
    + ... uterList in $ComputerLists[$RegistryKeys.Keys[$RegistryKeys.Values.In ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : NullArrayIndex
     
    Index operation failed; the array index evaluated to null.
    At line:2 char:31
    + ... uterList in $ComputerLists[$RegistryKeys.Keys[$RegistryKeys.Values.In ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : NullArrayIndex
     
    Index operation failed; the array index evaluated to null.
    At line:2 char:31
    + ... uterList in $ComputerLists[$RegistryKeys.Keys[$RegistryKeys.Values.In ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : NullArrayIndex
     
    Index operation failed; the array index evaluated to null.
    At line:2 char:31
    + ... uterList in $ComputerLists[$RegistryKeys.Keys[$RegistryKeys.Values.In ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : NullArrayIndex
    
    2 people found this answer helpful.