Educause Security Discussion mailing list archives
Re: Group Policy enforced on desktop
From: Brian Desmond <brian.desmond () MORANTECHNOLOGY COM>
Date: Sat, 3 Apr 2010 19:51:40 +0200
Leigh- So how are you determining that the setting is or isn't set? What I'd suggest is running "gpresult /v > gpresults.txt" and looking at the resulting text file. If you mail me the particular setting I can look up the registry value that it sets. It's also possible that the setting was added in a service pack for XP and your sample machine is running an older service pack. In general you shouldn't need to rebuild the GPO to change the setting. If the issue is that the setting is set in the policy but not reflected locally, I would ensure that a) gpresult indicates the GPO is applied (and is effective) and b) GPOs are applying successfully (userenv warnings/errors in the system log are indicative of a problem here). It's possible there's something messed up with the actual policy object but that is likely fixable. --brian Thanks, Brian Desmond brian.desmond () morantechnology com w - 312.625.1438 | c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian Group Policy Gurus, I am auditing a desktop with MS Windows XP Pro operating system with a nice group policy applied to the organizational unit. When reviewing the computer, the group policy appears to enforce a Security Options setting which is only found in XP, W2k, and W2k3. However, when I reviewed the group policy the setting is not listed. The XP Pro default setting is recommend by the CIS benchmark and NIST checklist, but the machine has a weaker setting enforced which we cannot locally change because of AD. Please contact me directly if you wish to know the setting. Has anyone seen this before and have any explanation? I assume to correct the group policy will need to be rebuild from scratch. Thanks, Leigh Cheek, CIA, CISA Senior Auditor Audit and Consulting Services University of Tennessee 149 Conference Center Building Knoxville, TN 37996-4114 (865) 974-4420 fax (865) 974-6171 lcheek () utk edu
Current thread:
- Re: Group Policy enforced on desktop Brian Desmond (Apr 03)
- <Possible follow-ups>
- Re: Group Policy enforced on desktop Dexter Caldwell (Apr 03)
- Re: Group Policy enforced on desktop Michael Schalip (Apr 03)