RE: Checking what GPs are in effect

From: Russell Lavoie (rlavoie_at_ncsoft.com)
Date: 04/08/05

  • Next message: Rodrigo Blanco: "Re: PEAP based 802.1x LAN authentication"
    Date: Fri, 8 Apr 2005 14:45:17 -0500
    To: <Ethys@auchan.Fr>, <Salvador.Manaois@infineon.com>, <thor@hammerofgod.com>, <juandelacruz@gmail.com>, <focus-ms@securityfocus.com>
    
    

    The simple and easy way to check is do the following:

    Start - Help and Support - select option "Use Tools to view your computer information and diagnose problems" - click option "advanced system information" - click option "view group policy settings applied."

    There ya go. Quick and easy.

    Russ Lavoie

    -----Original Message-----
    From: Emmanuel THYS [mailto:ethys@auchan.Fr]
    Sent: Friday, April 08, 2005 10:06 AM
    To: Salvador.Manaois@infineon.com; thor@hammerofgod.com; juandelacruz@gmail.com; focus-ms@securityfocus.com
    Subject: RE: Checking what GPs are in effect

    Another way is to launch a mmc , add the "resultant set of policies" snap-in
    and check parameters sets (assuming XP or 2003)

    Otherwise : If the GP is set to the computer which your users try to connect
    to, you could enable "GP loopback processing"
    (http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit
    /en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/e
    n-us/gp/34.asp)
            So you don't have to assign your drive policy to every possible
    remote desktop user, you just have to assign the policy on machines they can
    connect to and enable loopback processing.
            classic in terminal server environments.

    ET

    -----Message d'origine-----
    De : Salvador.Manaois@infineon.com [mailto:Salvador.Manaois@infineon.com]
    Envoyé : vendredi 8 avril 2005 09:47
    À : thor@hammerofgod.com; juandelacruz@gmail.com; focus-ms@securityfocus.com
    Objet : RE: Checking what GPs are in effect

    NetIQ's Group Policy Administrator can also generate the resultant group
    policies albeit in a more fancy GUI-driven manner. I think it's precursor is
    FullArmor's FAZAM 2000.

    ...badz...

    -----Original Message-----
    From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
    Sent: Friday, April 08, 2005 2:44 AM
    To: Henry Ortega; focus-ms@securityfocus.com
    Subject: Re: Checking what GPs are in effect

    The "GPRESULT" command gives detailed information regarding applied
    group
    policies on the host system along with helpful summary information.
    Give it
    a shot and see if that provides you with the information you require.
    I'm
    assuming XP clients.

    T

    ------
    *Secure your infrastructure*
    Microsoft Ninjitsu: Securely Deploying MS Technologies
    security training delivered by Timothy Mullen.
    Registration now open for Blackhat Seattle 2005:
    http://www.blackhat.com/html/training-seattle-05/train-bh-sea-05-tm.html

    ----- Original Message -----
    From: "Henry Ortega" <juandelacruz@gmail.com>
    To: <focus-ms@securityfocus.com>
    Sent: Thursday, April 07, 2005 8:52 AM
    Subject: Checking what GPs are in effect

    > Is there a way for me to check what Group Policies
    > are actually in effect? I am testing some policies and
    > do not know for sure if it took effect or not.
    >
    > Sample scenario:
    > Implementing GP for Remote Desktop users to not see
    > any drives. When I log on to that machine, I still see the drives. So

    > I want to make sure if the GP actually tried to take effect but didn't

    > like it for some reason, or the GP didn't even try to be in effect.
    >
    > Any suggestions?
    >
    > ----------------------------------------------------------------------
    > -----
    >
    ------------------------------------------------------------------------

    ---
    >
    >
    > 
    ------------------------------------------------------------------------
    ---
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Rodrigo Blanco: "Re: PEAP based 802.1x LAN authentication"