Security Basics mailing list archives
Re: AD Policy audit tool for Windows 2000
From: "Rob McComber" <rmccomber () gmail com>
Date: Mon, 29 May 2006 09:04:12 -0600
On 2k and 2k3, you should be able to use the SCA Tool (Security Configuration and Administration - it's an MMC snap-in) to compare your existing policy to a defined baseline. It allows you to load up any of the pre-existing AD templates from MS or another template vendor (or your own) and delta it against the config on the box.

It's very effective and fast - blue checkmark means the setting is the same, red x means it's different. I use it all the time to see where a client's system differs from the default group policy config.

Regards,
Rob

On 5/25/06, Koolk3 <koolk3 () gmail com> wrote:

Just to clarify on this a bit more. I need to know what settings are applied. I don't need a report showing me the status of every policy. Just the ones that have been changed from their default.

Koolk3

On 5/25/06, Koolk3 <koolk3 () gmail com> wrote:
> Thanks everyone for your responses. Here is an update on what I have
> found so far. I would also like to have your feedback on any of the
> tools listed here if you have any experience with them.
>
> 1) GPOVault (free) from DesktopStandard: This can compare settings
> between 2 GPO rsops. Does anyone have any experience using this? This has to
> be used in conjunction with GPMC.
>
> 2) GPMC from Microsoft: This tool may have the functionality I am
> looking for in terms of finding the changed GPOs but I am not so sure.
>
> 3) GPInventory from Microsoft: I am not sure about this either.
>
> 4) Secedit from Microsoft: Does this run on Windows 2000?
>
> If you have any experience with these tools can you please provide me
> some feedback? I need to know which one will be the best choice to
> figure out the GPO settings changed after a default installation.
>
> Thanks.
>
> Koolk3
>
> On 5/24/06, Koolk3 <koolk3 () gmail com> wrote:
> > Hello list,
> >
> > Basically, I am trying to find the policies that have been changed by
> > active directory after a default Windows 2000 installation. The
> > policies were modified without any documentation and now it is a
> > problem.
> >
> > I am looking for a tool that can help me audit Active Directory
> > policies that have been applied to Windows 2000 workstations. Ideally
> > the tool should know the default policy (from original win 2000
> > install) and then give me a report on what has changed.
> >
> > Most tools that do this are for Windows XP and I need something for
> > Windows 2000.
> >
> > Any suggestions?
> >
> > Sincerely,
> > --
> > KoolK3
> >
>
> --
> KoolK3
>
--
KoolK3

--
Rob McComber, GSEC, MCSE
Product Security Specialist, Telvent
robert.mccomber () telvent abengoa com
rmccomber () gmail com
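The baseline comparison described in this message, reduced to the "only show what changed" report asked for earlier in the thread. This is an added example, not code from any poster or from Microsoft's tooling; it assumes both configurations are available as INI-style security template text, and the two templates, their values and the function names `parse_template` and `diff_templates` are constructed for illustration.

```python
# Added example: report only the settings that differ between two templates.
# Both templates below are constructed sample data, not taken from the thread.
BASELINE_INF = r"""
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
"""
CURRENT_INF = r"""
[System Access]
MinimumPasswordLength = 8
passwordcomplexity = 0
LockoutBadCount = 5
MaximumPasswordAge = 42
[Event Audit]
AuditLogonEvents = 3
[Registry Values]
machine\system\currentcontrolset\control\lsa\restrictanonymous=4,1
"""

def parse_template(text):
    """Return {(section, lowercased key): value} for INI-style template text."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            # Assumption: setting names and registry paths compare case-insensitively.
            settings[(section, key.strip().lower())] = value.strip()
    return settings

def diff_templates(baseline, current):
    """List (section, key, baseline_value, current_value) for changed settings only.

    A value of None means the setting is absent from that template.
    """
    base, cur = parse_template(baseline), parse_template(current)
    changes = []
    for section, key in sorted(set(base) | set(cur)):
        old, new = base.get((section, key)), cur.get((section, key))
        if old != new:
            changes.append((section, key, old, new))
    return changes
```

Settings that match the baseline (here `PasswordComplexity`, despite the different capitalization) are omitted from the result, and a setting present on only one side is reported with `None` for the other.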