RE: AD Policy audit tool for Windows 2000



On XP and above you can do gpresult.exe /v on a per workstation/user
basis, but I don't know if that works on W2K.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes@xxxxxxxxxxxxx or roger@xxxxxxxxxxxxxx
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************



-----Original Message-----
From: Koolk3 [mailto:koolk3@xxxxxxxxx]
Sent: Thursday, May 25, 2006 10:27 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: AD Policy audit tool for Windows 2000

Just to clarify on this a bit more. I need to know what settings that
are applied. I don't need a report showing me the status of every
policy. Just the ones that have been changed from their default.

Koolk3

On 5/25/06, Koolk3 <koolk3@xxxxxxxxx> wrote:
Thanks everyone for your responses. Here is an update on what I have
found so far. I would also like to have your feedback on any of the
tools listed here if you have any experience with them.

1) GPOVault (free) from DesktopStandard: This can compare settings
between 2 GPO rsops. Anyone has any experience using this? This has to

be used in conjuction with GPMC.

2) GPMC from Microsoft: This tool may have the functionationality I am

looking for interms of finding the changed GPOs but I am not so sure.

3) GPInventory from Microsoft: I am not sure about this either.

4) Secedit from Microsoft: Does this run on Windows 2000?

If you have any experience with these tools can you please provide me
some feedback? I need to know which one will be the best choice to
figure out the GPO settings changed after a default installation.

Thanks.

Koolk3

On 5/24/06, Koolk3 <koolk3@xxxxxxxxx> wrote:
Hello list,

Basically, I am trying to find the policies that has been changed by

active directory after a default Windows 2000 installation. The
policies were modifed without any documenattion and now it is a
problem.

I am looking for a tool that can help me audit Active Directory
policies that has been applied to Windows 2000 workstations. Ideally

the tool should know the default policy (from original win 2000
install) and then give me a report on what has changed.

Most tools that does this are for Windows XP and I need something
for Windows 2000.

Any suggestions?

Sincerely,
--
KoolK3



--
KoolK3



--
KoolK3



Relevant Pages

  • WPA2 support + Group Policy
    ... support for WPA2 to be defined in group policies in Windows XP SP2 ... Reading the Microsoft blub again, ...
    (microsoft.public.windows.group_policy)
  • Re: XP SP3 Problems/Help
    ... What in the release notes for SP-3 convinced you that you must have ... latest version of MDAC and not as part of Windows Update. ... Microsoft requires it, they'll shove it at you when you visit Windows ... Well, if you haven't figured them out by now, you don't use policies. ...
    (microsoft.public.windowsxp.general)
  • RE: AD Policy audit tool for Windows 2000
    ... I don't have this or a Windows 2000 machine handy so I ... This can compare settings ... GPInventory from Microsoft: I am not sure about this either. ... I am trying to find the policies that has been changed by ...
    (Security-Basics)
  • Re: WinPak
    ... Fix for Running Winpak 2 version 4 on Windows XP machine with Service Pack ... POLICIES ... MICROSOFT ... Then click anywhere in the RPC window and CREATE New DWord value ...
    (microsoft.public.windowsxp.network_web)
  • Re: WinPak
    ... Fix for Running Winpak 2 version 4 on Windows XP machine with Service Pack ... POLICIES ... MICROSOFT ... Then click anywhere in the RPC window and CREATE New DWord value ...
    (microsoft.public.windowsxp.network_web)