Re: AD Policy audit tool for Windows 2000

On 2k and 2k3, you should be able to use the SCA Tool (Security
Configuration and Administration - it's an MMC snap-in) to compare
your existing policy to a defined baseline. It allows you to load up
any of the pre-existing AD templates from MS or another template
vendor (or your own) and delta it against the config on the box. It's
very effective and fast - blue checkmark means the setting is the
same, red x means it's different. I use it all the time to see where a
client's system differs from the default group policy config.


On 5/25/06, Koolk3 <koolk3@xxxxxxxxx> wrote:
Just to clarify on this a bit more. I need to know what settings that
are applied. I don't need a report showing me the status of every
policy. Just the ones that have been changed from their default.


On 5/25/06, Koolk3 <koolk3@xxxxxxxxx> wrote:
> Thanks everyone for your responses. Here is an update on what I have
> found so far. I would also like to have your feedback on any of the
> tools listed here if you have any experience with them.
> 1) GPOVault (free) from DesktopStandard: This can compare settings
> between 2 GPO rsops. Anyone has any experience using this? This has to
> be used in conjuction with GPMC.
> 2) GPMC from Microsoft: This tool may have the functionationality I am
> looking for interms of finding the changed GPOs but I am not so sure.
> 3) GPInventory from Microsoft: I am not sure about this either.
> 4) Secedit from Microsoft: Does this run on Windows 2000?
> If you have any experience with these tools can you please provide me
> some feedback? I need to know which one will be the best choice to
> figure out the GPO settings changed after a default installation.
> Thanks.
> Koolk3
> On 5/24/06, Koolk3 <koolk3@xxxxxxxxx> wrote:
> > Hello list,
> >
> > Basically, I am trying to find the policies that has been changed by
> > active directory after a default Windows 2000 installation. The
> > policies were modifed without any documenattion and now it is a
> > problem.
> >
> > I am looking for a tool that can help me audit Active Directory
> > policies that has been applied to Windows 2000 workstations. Ideally
> > the tool should know the default policy (from original win 2000
> > install) and then give me a report on what has changed.
> >
> > Most tools that does this are for Windows XP and I need something for
> > Windows 2000.
> >
> > Any suggestions?
> >
> > Sincerely,
> > --
> > KoolK3
> >
> --
> KoolK3


Rob McComber, GSEC, MCSE
Product Security Specialist, Telvent

Relevant Pages

  • Windows Shortcut Keys and "ALT+TAB" not working because of GPO
    ... We've got an issue with a machine policy which prohibits us of using Windows ... Deny access to this computer from the network Support_388945a0, ... Policy Setting ...
  • Re: Overriding default SBS 2008 policies
    ... "Straight out of the box, Windows Small Business Server is configured with a set of preconfigured Group Policy objects, defined especially for the server running ... Windows SBS 2008 and its network clients. ... Default Domain Controllers Policy This policy is not specific to Windows Small Business Server, but is a typical Group Policy found on all servers that are Active ...
  • Re: map drives
    ... Group Policy Preference Client Side Extensions for Windows XP (KB943729 ... AccountingGroup Policy Management ... The settings in this GPO can only apply to the following groups, users, ... login script in GPMC. ...
  • Re: GP errors
    ... Then later shutdown second one and start the first one. ... machine (MTCCSAPROUTER) to the domain and those errors are not coming. ... The policy for which it is giving access denied error is the Default ... Windows cannot query for the list of Group Policy objects. ...
  • Re: XP is great
    ... > The OS'es and Apps (Linux & Windows) allude to being user-customizable by ... You seem to prescribe to the theory of BG that any fault found in it ... of those who refuse to admit to and fix them, ... I'm sorry but to say it should never be changed from default config is ...