Solved

Group Policy results showing an entry I cannot find in Group Policies

Posted on 2013-01-25
Last Modified: 2013-02-02
Ok, so when I run gpresult /z I get the following (I removed all non-pertinent information, so this is a partial result).

My question is: at the bottom it shows atlas.abc.etc.. - where is this coming from? It's NOT in my group policies, and if it is, I can't find it anywhere.

Any more information you may need to solve this, please ask.

___________________________________________________________________
RSOP data for XXXXXXXXX on XXXXXXXXXXX : Logging Mode
-----------------------------------------------------

OS Configuration:            Member Workstation
OS Version:                  6.1.7601
Site Name:                   XXXXXXXXXX
Roaming Profile:             N/A
Local Profile:               C:\Users\XXXXX
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=XXXX,OU=XXXXX,DC=XXXX,DC=XXX,DC=com
    Last time Group Policy was applied: 1/25/2013 at 2:24:20 PM
    Group Policy was applied from:      XXXXX.com
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        XXXX
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        ABCD Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        ABC Use Surf Control Web Filter Proxy (MPLS Sites)
            Filtering:  Denied (Security)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        WPL642014$
        WSUS_Computers
        Domain Computers
        CERTSVC_DCOM_ACCESS
        System Mandatory Level
       
USER SETTINGS
--------------
    CN=XXXX\, XXXX,OU=Users,OU=Corporate,OU=Users and Computers,DC=ABC,DC=ABCD,DC=com
    Last time Group Policy was applied: 1/25/2013 at 2:24:20 PM
    Group Policy was applied from:      FILESRV.ABC.ABCD.com
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        ABC
    Domain Type:                        Windows 2000
   
    Applied Group Policy Objects
    -----------------------------
        ABC Use Surf Control Web Filter Proxy (MPLS Sites)
        Administrator Level Permission Desktop Hardening
        ABCD Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

        Internet Explorer Connection
        ----------------------------
            HTTP Proxy Server:   N/A
            Secure Proxy Server: N/A
            FTP Proxy Server:    N/A
            Gopher Proxy Server: N/A
            Socks Proxy Server:  N/A
            Auto Config Enable:  No
            Enable Proxy:        No
            Use same Proxy:      No

            HTTP Proxy Server:   atlas.ABC.ABCD.com:8080
            Secure Proxy Server: atlas.ABC.ABCD.com:8080
            FTP Proxy Server:    atlas.ABC.ABCD.com:8080
            Gopher Proxy Server: atlas.ABC.ABCD.com:8080
            Socks Proxy Server:  atlas.ABC.ABCD.com:8080
            Auto Config Enable:  No
            Enable Proxy:        No
            Use same Proxy:      Yes
0
Comment
Question by:cpkuser1
12 Comments
 
LVL 16

Expert Comment

by:choward16980
ID: 38820258
Sounds like the local security policy of the machine you ran the command on.
0
 
LVL 18

Expert Comment

by:sarang_tinguria
ID: 38820272
Check the Internet Explorer Maintenance settings in the local group policy of the system where you ran the gpresult.
0
 
LVL 2

Author Comment

by:cpkuser1
ID: 38820273
Ok, just looked in Local Security Policies, don't see anything relating to IE, much less atlas.abc
 - where in LSP would I find this?

I don't see IE Maint in local security policies.
0
 
LVL 24

Accepted Solution

by:
smckeown777 earned 500 total points
ID: 38820315
From the output of gpresult the policy is called

Internet Explorer Connection

Have you a policy on the server or client by that name?

In that policy drill into User Config - Policies - Windows Settings - Internet Explorer Maintenance

Look in Proxy Settings in there...that's where those settings normally live
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38820326
Do you or did you have a machine on the network called 'atlas' at any stage?
0
 
LVL 2

Author Comment

by:cpkuser1
ID: 38820344
@smc - that's not a policy name, remember I removed a bunch of unnecessary information. Internet Explorer Connection is not the name of a policy (never was), that's the subsection of whatever policy.

@smc - YES there was an atlas machine at one point many moons ago.
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38820368
You removed information? There's no reason to remove information from the output of gpresult, we need to see whatever it reports to help you...this is all internal information, nothing that we (or anyone) can use if you are worried about posting info online...

The output shows that this policy (whatever it was called) was not applied...so can you tell us what the name was? The bit you removed I mean?

In that policy drill into where I said and you should see what is needed...

Or, someone created a local policy to utilize the former 'atlas' machine as a proxy for some reason...is my other guess
0
 
LVL 2

Author Comment

by:cpkuser1
ID: 38820445
Ok, here is the whole output.

And - that info is NOT IN ANY POLICY THAT EXISTS, that's why I am asking.
info1.txt
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38820547
Ok, one other place this could be set...in the Preferences section...

Have you checked in Default Domain Policy under

User Config - Preferences - Control Panel Settings - Internet Settings - anything set in there?

The output you've provided is very detailed - can you instead post result of
gpresult /v

I see there are a number of policies, you may need to check each one...or provide output from /v above and we can narrow this down another bit...
0
 
LVL 2

Assisted Solution

by:cpkuser1
cpkuser1 earned 0 total points
ID: 38826619
Ok, found it. This is weird. In User Config - Policies - Windows Settings - Internet Explorer Maintenance - Enable Proxy was NOT checked, making all the boxes greyed out. But just for S+G's I clicked ENABLE proxy settings and there it was in all the boxes. I erased it, and then UNCHECKED Enable proxy.

So even though Enable proxy was NOT checked and NOT in use, it was still showing up!!! Must be a bug in GPO or something. It didn't show up there until I checked Enable, which makes no sense at all!!
0
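An added example, not part of the thread: a small Python check that reads saved gpresult text and lists proxy endpoints that are still stored in an "Internet Explorer Connection" block while "Enable Proxy" is No, which is the condition the post above describes. It assumes the output layout shown in the question; the host name in the sample is a constructed placeholder.

```python
import re

# Constructed sample modelled on the gpresult /z excerpt in the question;
# the host name is a placeholder, not a value from the thread.
SAMPLE = """\
        Internet Explorer Connection
        ----------------------------
            HTTP Proxy Server:   N/A
            Secure Proxy Server: N/A
            Enable Proxy:        No
            Use same Proxy:      No

            HTTP Proxy Server:   oldproxy.example.test:8080
            Secure Proxy Server: oldproxy.example.test:8080
            Enable Proxy:        No
            Use same Proxy:      Yes
"""

# "Name:   value" lines; the name never contains a colon, the value may (host:port).
FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s+(.*\S)\s*$")

def proxy_blocks(text):
    """Return one dict per settings block under 'Internet Explorer Connection'."""
    blocks, current, in_section = [], {}, False
    for line in text.splitlines():
        s = line.strip()
        m = FIELD.match(line)
        if s == "Internet Explorer Connection":
            in_section = True
        elif in_section and m:
            current[m.group(1)] = m.group(2)
        elif in_section:
            if current:                      # a non-field line closes the block
                blocks.append(current)
                current = {}
            # Blank and dashed lines keep the section open; any other heading ends it.
            in_section = not s or set(s) == {"-"}
    if current:
        blocks.append(current)
    return blocks

def dormant_proxies(text):
    """Proxy endpoints stored in blocks whose 'Enable Proxy' value is No."""
    return sorted({value
                   for block in proxy_blocks(text)
                   if block.get("Enable Proxy", "").lower() == "no"
                   for key, value in block.items()
                   if key.endswith("Proxy Server") and value.upper() != "N/A"})
```

Feed it the text of a saved `gpresult /z` run; any endpoint it returns is a value to look up in DNS and asset records before deciding whether to clear it from the policy.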
 
LVL 2

Author Closing Comment

by:cpkuser1
ID: 38846365
Ultimately it was my clicking a box for no reason that found the issue.  I am offering partial credit to SMC since he was kind enough to participate.
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 38846581
Nice find, wouldn't have thought that would happen!

Thanks for the points...
0
