What is the best way to compare two sets of GPO .pol files?
Posted on 2008-01-25
Background: My office is planning on implementing the NIST FDCC GPO and registry settings quite soon. The NIST FDCC further locks down our computers based on NIST policy mandate. Part of our deployment involves sending a package to offline Tablet PCs which need to have this update implemented without any contact to the authenticating servers.
Request: I'd like to be able to compare two sets (a set may contain only one file) of .pol file(s) to each other and find which items "overlap".
The first set of files will obviously be the NIST provisioned pol files while the second set is what we use in our OU at the moment. There are a lot overlapping settings that i will need to manually edit to apply to the Tablet PCs manually which need to be decided upon.
additional notes: Whether or not this is possible is up to interpretation. At a minimum, i'd like for someone to point me in the right direction in being able to read and manipulate .pol file data so that i could make my own tool. Optimally, i would like to know if there are tools out there that have this comparitive capability.
I have searched Google and am currently messing with RSOP's gpresults but that doesn't hit the sweet spot i'm looking for.
any advise, example would be appreciated at this point.
thanks in advance for reading the above novel.