Solved

Search all GPO's for a setting

Posted on 2014-03-04
10
42 Views
Last Modified: 2015-06-23
I have inherited an AD domain and I'm currently trying to figure out what was setup  ( pretty much EVERY security and Best practices violation exists here!!)  Currently I'm trying to find which GPO  (there are 20) has the setting for password complexity.  I should be able to find it but I haven't found a GPO with this setting turned on. It's really odd.  I'm probably just missing it somewhere,  but there should be a way to search all the GPO's in the domain for this setting ( assuming it wasn't done at the local machine level!!)are there any good tools (I'd prefer NOT to use powershell if I can)

thanks
0
Comment
Question by:pcmm
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 19

Expert Comment

by:helpfinder
Comment Utility
in GPO management console you can check each GPO for settings they affecting (in the right pane under Settinfs tab)
0
 
LVL 21

Expert Comment

by:Joseph Moody
Comment Utility
You can search your domain in the GPMC.  Under domains, you will see your domain name. Right click on it and select search.
0
 
LVL 19

Expert Comment

by:helpfinder
Comment Utility
or try Search option in GPO management with search criteria like this

gpo_search
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
Also take an RSoP report for a computer/user in the domain and it should tell you where the setting is being applied from.

Password settings are special as they have to be linked at the domain level.  

Thanks

Mike
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:pcmm
Comment Utility
Thanks,  I've done that,  odd thing is that I get results but none of them have any password complexity rules turned on, yet my domain requires it!
0
 
LVL 19

Expert Comment

by:helpfinder
Comment Utility
on the computer you assume that GPO is applied check local GPO for such a settings
0
 

Author Comment

by:pcmm
Comment Utility
Sorry for the delay getting back.  I've searched in the group policy editor,  I've searched local policies,  I've tried GPRESULT /z .... and nowhere can I so far find any settings that suggest Password complexity is turned on,  but each time I try to change passwords,  I get that familiar password complexity error ( If I don't use a password that complies)  I've never seen anything like this before!  any further ideas?
0
 
LVL 21

Accepted Solution

by:
Joseph Moody earned 250 total points
Comment Utility
Try the powershell script in the second part of this page:

http://deployhappiness.com/searching-gpos-for-that-specific-setting/
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now