[gptalk] Re: Display 'Local' Security Policy Settings - I Must Be Asleep

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 22 Oct 2008 11:31:45 -0700


Gpedit.msc (Local GPO) on the DC should show you the current security policy
being applied to that DC, including ones that are defined locally. You will
have trouble with RSOP related to local security policy. This is a known
issue-since local sec. policy doesn't actually persist in the local GP and
thus does not log RSOP data when it is processed.




From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Cruz, Jerome L
Sent: Wednesday, October 22, 2008 10:50 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Display 'Local' Security Policy Settings - I Must Be


I need to display a DC's Local Security Policies settings to do some
comparisons between domains.


When a DC is promoted, the  Administrative Tools folder console choice named
'Local Security Policy' changes to display 'Domain Controller Security
Policy' and 'Domain Security Policy' (Windows Server 2003 - 64 bit DCs).
However, these consoles 'only' display the settings for policies that are
GPO based in the domain. Other policy settings (like all the ones that are
'local settings') are displayed as 'Not Defined'.


The GPMC reports (both Planning and RSoP) for the DC's show similar results.
I see similar results when running RSoP.msc. Where do I look to see the
"Local Settings" for the DC's? I suppose I could use the Security
Configuration and Analysis snap-in, but I can't believe it'd take that
amount of effort.


Am I really asleep this morning? Am I in the forest and can't see the trees?




Other related posts: