Re: AD Policy audit tool for Windows 2000

["Rob McComber" <rmccomber () gmail com>]

On 2k and 2k3, you should be able to use the SCA Tool (Security
Configuration and Administration - it's an MMC snap-in) to compare
your existing policy to a defined baseline. It allows you to load up
any of the pre-existing AD templates from MS or another template
vendor (or your own) and delta it against the config on the box. It's
very effective and fast - blue checkmark means the setting is the
same, red x means it's different. I use it all the time to see where a
client's system differs from the default group policy config.

Regards,
Rob

On 5/25/06, Koolk3 <koolk3 () gmail com> wrote:
> Just to clarify on this a bit more. I need to know what settings that
> are applied. I don't need a report showing me the status of every
> policy. Just the ones that have been changed from their default.
>
> Koolk3
>
> On 5/25/06, Koolk3 <koolk3 () gmail com> wrote:
> > Thanks everyone for your responses. Here is an update on what I have
> > found so far. I would also like to have your feedback on any of the
> > tools listed here if you have any experience with them.
> >
> > 1) GPOVault (free) from DesktopStandard: This can compare settings
> > between 2 GPO rsops. Anyone has any experience using this? This has to
> > be used in conjuction with GPMC.
> >
> > 2) GPMC from Microsoft: This tool may have the functionationality I am
> > looking for interms of finding the changed GPOs but I am not so sure.
> >
> > 3) GPInventory from Microsoft: I am not sure about this either.
> >
> > 4) Secedit from Microsoft: Does this run on Windows 2000?
> >
> > If you have any experience with these tools can you please provide me
> > some feedback? I need to know which one will be the best choice to
> > figure out the GPO settings changed after a default installation.
> >
> > Thanks.
> >
> > Koolk3
> >
> > On 5/24/06, Koolk3 <koolk3 () gmail com> wrote:
> > > Hello list,
> > >
> > > Basically, I am trying to find the policies that has been changed by
> > > active directory after a default Windows 2000 installation. The
> > > policies were modifed without any documenattion and now it is a
> > > problem.
> > >
> > > I am looking for a tool that can help me audit Active Directory
> > > policies that has been applied to Windows 2000 workstations. Ideally
> > > the tool should know the default policy (from original win 2000
> > > install) and then give me a report on what has changed.
> > >
> > > Most tools that does this are for Windows XP and I need something for
> > > Windows 2000.
> > >
> > > Any suggestions?
> > >
> > > Sincerely,
> > > --
> > > KoolK3
> > >
> >
> >
> > --
> > KoolK3
> >
>
>
> --
> KoolK3


--
Rob McComber, GSEC, MCSE
Product Security Specialist, Telvent
robert.mccomber () telvent abengoa com
rmccomber () gmail com