Re: WMI missing security settings



Jeffrey,

Thanks for the reply. If I understand you correctly, all RSoP_x WMI settings do not consider local settings? If this is the case, secedit should be the right way of retrieving and modifying these values? Or are there any other ways of doing this?

The link was also helpful.

"Jeffrey Tan[MSFT]" <jetan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23qFAX1EpIHA.2208@xxxxxxxxxxxxxxxxxxxxxxx
The statement "this setting is not work on local GPO" in my last mail is not very exact. Technically speaking, the items under the "Security Settings" node in "Local Group Policy Editor" (Run "gpedit.msc") are not a real part of Local GPO. It's just a combined UI to set "Local Group Policy" and "Local Security Settings" together. You can see the difference between the UI for setting them in domain GPO and "local GPO". This is the UI for setting domain GPO (Please note the "Define this policy setting" check box): (see attached gp1.jpg)

This is the UI for setting "Local GPO" (It only has 2 states of "Enabled" and "Disabled" but cannot be "Not configured"): (see attached gp2.jpg)

So that's the reason security settings are not reflected in RSoP even if you set them in local GPO. The settings are effective, but do not belong to any "Group Policy Object". It's a little complicated. It is designed this way because the local policy and domain group policy are totally different things in win2k, and we migrated them together in win2k3.

About the different outputs between MMC/WMI/secedit, you can refer to this KB article: http://support.microsoft.com/kb/257922/en-us
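
Added example, not part of the thread or of either poster's message: a PowerShell sketch that exports the effective "System Access" settings with secedit and lists them next to what the RSoP WMI classes report, so settings that are in force but absent from RSoP stand out. It assumes an elevated PowerShell 3.0+ session on the machine being audited; the function names are hypothetical.

```powershell
function Get-SeceditPolicy {
    # Export the security policy to a temporary INF and parse [System Access].
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed ($LASTEXITCODE)" }
        $section = $null
        $result  = @{}
        foreach ($line in Get-Content -LiteralPath $cfg) {
            if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
            # Keep numeric values only, so they line up with the RSoP
            # numeric/boolean classes queried below.
            if ($section -eq 'System Access' -and
                $line -match '^\s*([^=]+?)\s*=\s*(-?\d+)\s*$') {
                $result[$Matches[1]] = [int64]$Matches[2]
            }
        }
        $result
    } finally {
        # The export describes the machine's security posture; do not leave it behind.
        Remove-Item -LiteralPath $cfg -ErrorAction SilentlyContinue
    }
}

function Get-RsopPolicy {
    # Winning (precedence 1) settings that came from a Group Policy Object.
    $result = @{}
    foreach ($class in 'RSOP_SecuritySettingNumeric', 'RSOP_SecuritySettingBoolean') {
        Get-CimInstance -Namespace 'root\rsop\computer' -ClassName $class -ErrorAction SilentlyContinue |
            Where-Object { $_.precedence -eq 1 } |
            ForEach-Object { $result[$_.KeyName] = [int64]$_.Setting }
    }
    $result
}

$local = Get-SeceditPolicy
$rsop  = Get-RsopPolicy
$local.Keys | Sort-Object | ForEach-Object {
    [pscustomobject]@{
        Setting = $_
        Secedit = $local[$_]
        RSoP    = if ($rsop.ContainsKey($_)) { $rsop[$_] } else { '(not in RSoP)' }
    }
} | Format-Table -AutoSize
```

Rows marked "(not in RSoP)" are values that secedit reports but that no Group Policy Object supplied, which is the case described in the quoted reply for settings made through the local editor.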

