# PCS Toolkit - Group Policy Report
# Generates HTML report of applied Group Policies

$timestamp = Get-Date -Format "yyyy-MM-dd_HH-mm-ss"
$htmlFile = "$env:USERPROFILE\Desktop\GPReport_$timestamp.html"
$logFile = "$env:USERPROFILE\Desktop\GPReport_$timestamp.txt"

function Log($msg) {
    Write-Host $msg
    Add-Content $logFile $msg
}

Log "========================================"
Log "    PCS Toolkit - Group Policy Report"
Log "========================================"
Log "Generated: $(Get-Date)"
Log "Computer: $env:COMPUTERNAME"
Log "User: $env:USERNAME"
Log ""

# Check if domain joined
$cs = Get-CimInstance Win32_ComputerSystem
$isDomainJoined = $cs.PartOfDomain

Log "Domain Joined: $isDomainJoined"
if ($isDomainJoined) {
    Log "Domain: $($cs.Domain)"
}
Log ""

Log "Generating Group Policy Result report..."
Log "This may take a minute..."

try {
    gpresult /H $htmlFile /F
    Log "HTML Report generated: $htmlFile"
} catch {
    Log "Error generating HTML report: $_"
}

Log ""
Log "=== APPLIED GPOS (Summary) ==="

$gpoResult = gpresult /R 2>&1
$gpoResult | ForEach-Object { Log $_ }

Log ""
Log "=== SECURITY SETTINGS ==="

# Password policy
Log "Password Policy (Local):"
$secedit = secedit /export /cfg "$env:TEMP\secpol.cfg" /quiet 2>$null
if (Test-Path "$env:TEMP\secpol.cfg") {
    $secpol = Get-Content "$env:TEMP\secpol.cfg"
    $secpol | Where-Object { $_ -match "Password|Lockout" } | ForEach-Object { Log "  $_" }
    Remove-Item "$env:TEMP\secpol.cfg" -Force
}

Log ""
Log "=== AUDIT POLICY ==="
auditpol /get /category:* 2>&1 | ForEach-Object { Log "  $_" }

Log ""
Log "========================================"
Log "REPORT COMPLETE"
Log "========================================"
Log "HTML Report: $htmlFile"
Log "Text Log: $logFile"

# Open HTML report
Start-Process $htmlFile
Read-Host "Press Enter to exit"