Security Basics mailing list archives
RE: AD Policy audit tool for Windows 2000
From: "Crawley, Jim" <Jim.Crawley () yrbrands com>
Date: Fri, 26 May 2006 08:10:52 +1000
Have you looked at gpresult.exe? It's part of the Windows 2000 Server resource kit. I don't have this or a Windows 2000 machine handy so I cannot test it to verify how close it is to what you've requested. -----Original Message----- From: Koolk3 [mailto:koolk3 () gmail com] Sent: Friday, 26 May 2006 12:27 AM To: security-basics () securityfocus com Subject: Re: AD Policy audit tool for Windows 2000 Just to clarify on this a bit more. I need to know what settings that are applied. I don't need a report showing me the status of every policy. Just the ones that have been changed from their default. Koolk3 On 5/25/06, Koolk3 <koolk3 () gmail com> wrote:
Thanks everyone for your responses. Here is an update on what I have found so far. I would also like to have your feedback on any of the tools listed here if you have any experience with them. 1) GPOVault (free) from DesktopStandard: This can compare settings between 2 GPO rsops. Anyone has any experience using this? This has to
be used in conjuction with GPMC. 2) GPMC from Microsoft: This tool may have the functionationality I am
looking for interms of finding the changed GPOs but I am not so sure. 3) GPInventory from Microsoft: I am not sure about this either. 4) Secedit from Microsoft: Does this run on Windows 2000? If you have any experience with these tools can you please provide me some feedback? I need to know which one will be the best choice to figure out the GPO settings changed after a default installation. Thanks. Koolk3 On 5/24/06, Koolk3 <koolk3 () gmail com> wrote:Hello list, Basically, I am trying to find the policies that has been changed by
active directory after a default Windows 2000 installation. The policies were modifed without any documenattion and now it is a problem. I am looking for a tool that can help me audit Active Directory policies that has been applied to Windows 2000 workstations. Ideally
the tool should know the default policy (from original win 2000 install) and then give me a report on what has changed. Most tools that does this are for Windows XP and I need something for Windows 2000. Any suggestions? Sincerely, -- KoolK3-- KoolK3
-- KoolK3
Current thread:
- AD Policy audit tool for Windows 2000 Koolk3 (May 24)
- Re: AD Policy audit tool for Windows 2000 Saqib Ali (May 25)
- Re: AD Policy audit tool for Windows 2000 Koolk3 (May 25)
- Re: AD Policy audit tool for Windows 2000 Koolk3 (May 25)
- RE: AD Policy audit tool for Windows 2000 Roger A. Grimes (May 29)
- Re: AD Policy audit tool for Windows 2000 Rob McComber (May 29)
- Re: AD Policy audit tool for Windows 2000 Koolk3 (May 25)
- <Possible follow-ups>
- RE: AD Policy audit tool for Windows 2000 Ramsdell, Scott (May 25)
- Re: AD Policy audit tool for Windows 2000 Raoul Armfield (May 29)
- RE: AD Policy audit tool for Windows 2000 Crawley, Jim (May 29)
- Re: AD Policy audit tool for Windows 2000 Koolk3 (May 31)