Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
COURSE of the MONTH
8 days, 13 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
The tool to show all the GPO settings across an entire network
Posted on 2013-05-24
Hello all,
I am going to review and update all the GPO setting in my company. I would like to compare GPO settings in our network to see exactly what needs to be dealt with and what need to be improved. I wonder if there is a tool or a program that can show me all the GPO settings.
Aso, what are the best practices for GPO?
Thanks,
I am going to review and update all the GPO setting in my company. I would like to compare GPO settings in our network to see exactly what needs to be dealt with and what need to be improved. I wonder if there is a tool or a program that can show me all the GPO settings.
Aso, what are the best practices for GPO?
Thanks,
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
8-
7
- +2
18 Comments
Group Policy Management Console is the tool to use. There are also GPMC scripts that can help
http://msdn.microsoft.com/en-us/library/windows/desktop/aa814151(v=vs.85).aspx
Group Policy MVP Darren has a great presentation on some best practices from TechEd last year
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/WSV206
Thanks
Mike
http://msdn.microsoft.com/en-us/library/windows/desktop/aa814151(v=vs.85).aspx
Group Policy MVP Darren has a great presentation on some best practices from TechEd last year
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/WSV206
Thanks
Mike
GPOs are set by domain / forest, not by network. You would find all GPOs for a domain in the Group Policy Management console, which is Automatically on 2008 Domain controllers and would need to be installed on 2003 Domain controllers (Link: http://www.microsoft.com/en-us/download/details.aspx?id=21895)
There is no real Best Practice as a company's GPOs completely depends on the company and what type of security you are looking to uphold.
There is no real Best Practice as a company's GPOs completely depends on the company and what type of security you are looking to uphold.
What is the Windows version supporting your Active Directory infrastructure?
Most of the GPOs tasks can be done with the native Windows tools, exactly "Group Policy Management" console. If you have Windows 2008, 2008 R2 or 2012 this console should be present by default, if you have Windows Server 2003 you can just download it from the Microsoft Webisite:
http://www.microsoft.com/en-us/download/details.aspx?id=21895
With this tool you can make many things relate to polices, one simple one is make click on the desired policy and check the summarized settings that it has configured without open/editing the policy itself
The best practices for GPOs are going to depend for the scope and madurity level of your organization, this link can give you some basic recommendations:
http://technet.microsoft.com/en-us/library/cc779168(v=WS.10).aspx
Additionally it is strongly recommended that you create a test OU where you test tour polices, if this policy doesn't have the expected results just take the tested object outside from this OU and it will be Ok. Make this all the time before applying the polices to a bigger container, another important one... Use the Default Domain Policy just for password relate polices, the rest of the configurations make them with a new GPO linked in the container where you want to apply them
It is very important too, to understand what is the behavior of the policy that we want to apply for not having unexpected results.
Most of the GPOs tasks can be done with the native Windows tools, exactly "Group Policy Management" console. If you have Windows 2008, 2008 R2 or 2012 this console should be present by default, if you have Windows Server 2003 you can just download it from the Microsoft Webisite:
http://www.microsoft.com/en-us/download/details.aspx?id=21895
With this tool you can make many things relate to polices, one simple one is make click on the desired policy and check the summarized settings that it has configured without open/editing the policy itself
The best practices for GPOs are going to depend for the scope and madurity level of your organization, this link can give you some basic recommendations:
http://technet.microsoft.com/en-us/library/cc779168(v=WS.10).aspx
Additionally it is strongly recommended that you create a test OU where you test tour polices, if this policy doesn't have the expected results just take the tested object outside from this OU and it will be Ok. Make this all the time before applying the polices to a bigger container, another important one... Use the Default Domain Policy just for password relate polices, the rest of the configurations make them with a new GPO linked in the container where you want to apply them
It is very important too, to understand what is the behavior of the policy that we want to apply for not having unexpected results.
mkline71,
I use this command ListAllGPO.wsf but it does not work. Please see it below:
C:\Users\lly>ListAllGPOs.w
'ListAllGPOs.wsf' is not recognized as an internal or external command, operable program or batch file.
I use this command ListAllGPO.wsf but it does not work. Please see it below:
C:\Users\lly>ListAllGPOs.w
'ListAllGPOs.wsf' is not recognized as an internal or external command, operable program or batch file.
Did you download the scripts
http://www.microsoft.com/en-us/download/details.aspx?id=14536
Thanks
Mike
http://www.microsoft.com/en-us/download/details.aspx?id=14536
Thanks
Mike
Mike,
I don't want to download it to my AD now. I just downloaded to my laptop Win 7 but still could not run that command.
Thanks,
I don't want to download it to my AD now. I just downloaded to my laptop Win 7 but still could not run that command.
Thanks,
Attaching a screenshot from my lab. The scripts go into programfiles (x86)\Microsoft Group Policy\GPMC Sample Scripts by default (you can change that during install)
For this example I used the default install path.
Then run the script
cscript listallgpos.wsf
Thanks
Mike
For this example I used the default install path.
Then run the script
cscript listallgpos.wsf
Thanks
Mike
Active 1 day ago
If you want to manage the Group Policies from your laptop you can install the Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1) on your Windows 7 machine and use gpmc.msc to administer you domain policies.
Here is a an article that explains the steps needed to install the RSAT on your computer.
Do not forget to activate the "Windows Feature" for gpmc once you have installed the RSAT. It is explained in details in the "Important" section in the article (you can open Turn Windows features on or off by running control appwiz.cpl,,2 form command prompt or Run menu).
One more thing, this option is available only for Ultimate and Enterprice versions of Windows 7.
Here is a an article that explains the steps needed to install the RSAT on your computer.
Do not forget to activate the "Windows Feature" for gpmc once you have installed the RSAT. It is explained in details in the "Important" section in the article (you can open Turn Windows features on or off by running control appwiz.cpl,,2 form command prompt or Run menu).
One more thing, this option is available only for Ultimate and Enterprice versions of Windows 7.
Mike,
I was on vacation. So, i could not test it on my laptop. This morning, I tried it but I received:
C:\Program Files (x86)\Microsoft Group Policy\GPMC Sample Scripts\listallgpos.ws
f(19, 2) Microsoft JScript runtime error: Automation server can't create object
I was on vacation. So, i could not test it on my laptop. This morning, I tried it but I received:
C:\Program Files (x86)\Microsoft Group Policy\GPMC Sample Scripts\listallgpos.ws
f(19, 2) Microsoft JScript runtime error: Automation server can't create object
Do you have GPMC installed on your laptop?
http://www.microsoft.com/en-us/download/details.aspx?id=21895
Thanks
Mike
http://www.microsoft.com/en-us/download/details.aspx?id=21895
Thanks
Mike
I turned on the feature "Group Policy" in the contron panel. It works. How do I do to export it to the document? Thanks,
Featured Post
Machine learning means Smarter Cybersecurityâ„¢ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s
ManageEngine
webinar, where attendees received a comprehensive look at the ma…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
- Windows 10
- Microsoft Legacy OS
- Windows 8
- Windows OS
- Windows 7
- Windows Vista, Windows XP, Windows 2000, *Windows Explorer, *Internet Explorer (IE)
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month8 days, 13 hours left to enroll
764 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.