Re: WMI missing security settings

Thanks for the explanation. You mentioned that EnableGuestAccount does
not work on local GPO. How should I find out if a setting works on local GPO
or ot? Is it true that none of the settings we retrieve from WMI
RSOP_SecuritySettings
works on local GPO?


""Jeffrey Tan[MSFT]"" <jetan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23i0mpP5nIHA.4932@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi JH,

Thanks for your feedback.

Yes, I can reproduce this problem with the code.

In fact, the rsop (MMC snap-in and WMI class) shows the finally result
view
of the GPOs (domain/OU/Local/etc.) applying. So the problem is if the
setting (for example the Guest Account Status) are "Not configured" in
every effective GPO, it will be hidden in the rsop view. The 4 items we
have retrieved with the script
(ClearTextPassword/PasswordComplexity/RequireLogonToChangePassword/ForceLogo
ffWhenHourExpire) are shown with the script is because they are configured
by the "Default Domain Policy". An evidence is if you run this script on a
workgroup machine, it will show nothing at all.

So this behavior -- show only 4 items in a domain member machine with
default setting - is expected.

The other properties are not shown is just because of these setting are
not
configured in any GPO. Can you ensure these settings are configured with
rsop and/or gpmc?

In my reproduce, if setting the "Computer Configuration -> Windows
Settings
-> Security Settings -> Local Policies ->> Security Options ->
Accounts:Guest account status" to "Enabled" on Domain GPO (this setting is
not work on local GPO), the EnableGuestAccount will be shown with the
script.

Hope this helps.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
=========================================
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

This posting is provided "AS IS" with no warranties, and confers no
rights.



.

Relevant Pages

  • Re: Help me Please URGENT!!!!!
    ... > this part I need to apply this Local GPO Configuration only on a specific ... Can you perform the script actions MANUALLY ... > I need to configure in Local GPO the "User Configuration". ... > Then I need to create a script which run this configuration to logon of this> specific user. ...
    (microsoft.public.win2000.security)
  • Re: Help me Please URGENT!!!!!
    ... I need to configure in Local GPO the "User Configuration". ... Then I need to create a script which run this configuration to logon of this ...
    (microsoft.public.win2000.security)
  • Problem adding a local GPO to a remote PC with REG.EXE
    ... For reasons too tedious to go in to I need to add a local GPO on a remote PC ... to run a Startup script using a VB Script wihich utilises the reg.exe ... At first the script was adding in just the following regisrty entries: ... Does anyone have any idea what is missing? ...
    (microsoft.public.windowsxp.help_and_support)
  • Adding a local GPO with REG.EXE
    ... For reasons too tedious to go in to I need to add a local GPO on a remote PC ... to run a Startup script using a VB Script wihich utilises the reg.exe ... At first the script was adding in just the following regisrty entries: ... Does anyone have any idea what is missing? ...
    (alt.os.windows-xp)
  • Re: Local Policy and logoff scripts
    ... what I would do is delete the script from the local GPO ... MS-MVP-Windows Server--Group Policy ... > I have a logoff script which I would like to run on all machines within an ...
    (microsoft.public.windows.group_policy)