FBCTech
asked on
GPResult not showing Account Policies or Audit Policy information.
I manage a secure control network, that does not currently have a domain. We are running Windows 7. We use local accounts, and I have some basic local group policy settings configured. I was looking for a way to document and audit these settings, and found that GPResult does a really nice job of reporting most of my settings. However the sections Account Policies and Audit Policy, under the Computer Configuration section, show N/A for the results.
I have Password length and complexity requirements set, as well as Audit Policies in the Local Group Policy. If I run auditpol.exe it shows me that the Audit Policy I set is in affect.
The command I am running is: gpresult -Z -F >C:\Temp\report.txt
When I run that command on my domain computer, it shows the Default Domain Policy settings for Passwords and Audit. Does it show up as N/A because this section only reports on Domain based Policies? I thought it was supposed to report whatever the RSOP is.
I have Password length and complexity requirements set, as well as Audit Policies in the Local Group Policy. If I run auditpol.exe it shows me that the Audit Policy I set is in affect.
The command I am running is: gpresult -Z -F >C:\Temp\report.txt
When I run that command on my domain computer, it shows the Default Domain Policy settings for Passwords and Audit. Does it show up as N/A because this section only reports on Domain based Policies? I thought it was supposed to report whatever the RSOP is.
You are on the right track--I copied and ran your exact command on my PC (also not on a domain) and got the same results N/A -- keep in mind that Group policy is there to apply common settings to more than one user or PCs (in a network) so the n/a indicates that in the setting for this one system this common setting is not applied (or not applicable) but may be if it becomes part of a common network.
ASKER
But the settings are applied, the audit policy sets what types of events are logged and I receive those in event viewer and on my syslog server. Also if I run the net accounts command, I can see the password policy, I have not yet tried to set a password that does not comply with my policy to confirm if it is enforced. I can create reports that show what I need using 3 commands, but I believe it should be all shown in that 1 report.
If that is not how gpresult works, that is also fine, as long as I have some proof to show the auditors if they ask why it says N/A.
If that is not how gpresult works, that is also fine, as long as I have some proof to show the auditors if they ask why it says N/A.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok thanks, I already have found other commands as I said in my previous comments. I am hoping to move to a domain at some point in the future, but it is easier said than done.
For the time being, I am going to assume that gpresult only reports these sections from a domain policy and just use multiple reports.
thank you.
For the time being, I am going to assume that gpresult only reports these sections from a domain policy and just use multiple reports.
thank you.