Re: GPO & IPSEC question

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 03/10/04 

Date: Wed, 10 Mar 2004 00:52:40 -0700

The following is a solution, but not for IPsec policy.

You can also use GPMC to make a report (and for that matter
a backup) of the GPOs. There are scripts in the GPMC install
dir structure for these.
You can then automate a bulk reporting of GPOs, and then do
a windiff (or other compare) against the reference reports.

GPMC does not handle the IPsec policy in its reports.
For these you could look into using the ipsec context of netsh
if you are in W2k3. 

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"rav" <ravburano@hotmail.com> wrote in message
news:eeOoebfBEHA.712@tk2msftngp13.phx.gbl...
> Thanks, wil giveit a go.
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:%23dsoVyxAEHA.1380@TK2MSFTNGP10.phx.gbl...
> > "rav" <ravburano@hotmail.com> wrote in message
> > news:uFh9f8SAEHA.3220@TK2MSFTNGP10.phx.gbl...
> > > GPO Comparison
> > >
> > > I am looking for a tool that will compare a GPO against another GPO to
> see
> > > the differences if any. Basically it is to check if anyone changed a
> > > setting, forgot what they changed and need to turn it back, they could
> do
> > > any easy compare by running the GPO against the original saved one.
Does
> > > something like this exist, the security analysis mmc obviously only
> checks
> > > the security aspects.
> >
> > It isn't precisely what you requested but these are darn close:
> >
> > RSoP will  analyze policies.(Ok, you still have to look through the
> result)
> >
> > How about:
> > Using SecEdit to load each policy on a test machine, and then do an
> > Analyze (or maybe the GUI version, Security Configuration and
> > Analysis MMC.)
> >
> > -- 
> > Herb Martin
> > >
> > >
> > >
> > >
> > >
> > > IPSEC authentication method
> > >
> > > I wish to use certs for authentication but when I chose a CA it only
> lists
> > > Root CAs. What if your Root CA is offline and you want to use a sub
> > > enterprise CA to issue the certs. It seems it will only accept a root
ca
> > and
> > > nothing else. What is the way around this?
> > >
> > >
> > >
> > > Thanks
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: GPO OBJECT ACCESS
    ... Try rebooting the computer and using gpresult on it to see if it reports the ... computer in the new OU and what Group Policies are applying to it and last ... >> in the computer portion of the gpo. ... >> i also removed the control panel from the user section in the gpo. ...
    (microsoft.public.win2000.group_policy)
  • Re: GPO not applied to new OU for TS
    ... It still is not working in the TERMSVR = OU?? ... When you look at the Group Policy properties it's ... > I was just kinda of curious why the TS wouldl isten to the main GPO on the ... View the results to see if it reports that the TS is ...
    (microsoft.public.win2000.group_policy)
  • Re: users reaching server from computer not in domain
    ... GPO for Computers should include Respond Only Ipsec policy. ... llawren felt like saying: ...
    (microsoft.public.windows.server.security)
  • Re: logon script not running under OU
    ... Run gpresult on the problem ... machine in the new GPO to see if it reports it in the correct OU, ... > troubleshoot this? ...
    (microsoft.public.win2000.group_policy)
  • Re: IPSEC Policy question
    ... and then reboot the computers you want to ipsec policy to apply to. ... It is also helpful define another setting or two in the GPO to see ... Group Policy problems can often be caused by dns misconfiguration ...
    (microsoft.public.windows.group_policy)
Quantcast