Solved

Search all GPO's for a setting

Posted on 2014-03-04
10
47 Views
Last Modified: 2015-06-23
I have inherited an AD domain and I'm currently trying to figure out what was setup  ( pretty much EVERY security and Best practices violation exists here!!)  Currently I'm trying to find which GPO  (there are 20) has the setting for password complexity.  I should be able to find it but I haven't found a GPO with this setting turned on. It's really odd.  I'm probably just missing it somewhere,  but there should be a way to search all the GPO's in the domain for this setting ( assuming it wasn't done at the local machine level!!)are there any good tools (I'd prefer NOT to use powershell if I can)

thanks
0
Comment
Question by:pcmm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 19

Expert Comment

by:helpfinder
ID: 39903703
in GPO management console you can check each GPO for settings they affecting (in the right pane under Settinfs tab)
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 39903710
You can search your domain in the GPMC.  Under domains, you will see your domain name. Right click on it and select search.
0
 
LVL 19

Expert Comment

by:helpfinder
ID: 39903727
or try Search option in GPO management with search criteria like this

gpo_search
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 39903801
Also take an RSoP report for a computer/user in the domain and it should tell you where the setting is being applied from.

Password settings are special as they have to be linked at the domain level.  

Thanks

Mike
0
 

Author Comment

by:pcmm
ID: 39903806
Thanks,  I've done that,  odd thing is that I get results but none of them have any password complexity rules turned on, yet my domain requires it!
0
 
LVL 19

Expert Comment

by:helpfinder
ID: 39903821
on the computer you assume that GPO is applied check local GPO for such a settings
0
 

Author Comment

by:pcmm
ID: 39918054
Sorry for the delay getting back.  I've searched in the group policy editor,  I've searched local policies,  I've tried GPRESULT /z .... and nowhere can I so far find any settings that suggest Password complexity is turned on,  but each time I try to change passwords,  I get that familiar password complexity error ( If I don't use a password that complies)  I've never seen anything like this before!  any further ideas?
0
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 250 total points
ID: 39918135
Try the powershell script in the second part of this page:

http://deployhappiness.com/searching-gpos-for-that-specific-setting/
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40845965
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question