[gptalk] Re: Vista's Gpresult no longer showing Computer settings?

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 15 Sep 2006 09:16:16 -0700

Just right-click the DOS Command Prompt icon in the Start menu and select
"run as administrator".
 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Mills, Mark
Sent: Friday, September 15, 2006 9:12 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista's Gpresult no longer showing Computer settings?




Is there a way to elevate your DOS privileges so you could run gpresult
/computer?  The new version of the "runas" command I noticed now has a
"trustLevel" parameter but even as an admin the DOS application runs in
"standard user" mode.   I also tried to use the Application Compatibility
Wizard to elevate my privileges but it would not, stating it is a core
system program.

 

 

Mark Mills 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Friday, September 15, 2006 10:56 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista's Gpresult no longer showing Computer settings?


 

Actually, as a follow up to this, you can use the /user parameter on
gpresult, as an elevated user, to get the RSOP info for the original user
you're logged in as. So you don't really have to run gpresult twice if you
do this.

 

Darren

 

  _____  

From: Darren Mar-Elia [mailto:darren@xxxxxxxxxx] 
Sent: Friday, September 15, 2006 8:52 AM
To: 'gptalk@xxxxxxxxxxxxx'
Subject: RE: [gptalk] Vista's Gpresult no longer showing Computer settings?


Mark-

In Vista, they removed the ability for a "regular" non-elevated user to
get computer-specific RSOP. You have to start an elevated command prompt
in order to get computer info. The pain about this is the following. Let's
say you're logged on as your normal, non-admin user account. So you want to
get RSOP info. You elevate your command prompt to admin and then run
gpresult. Well, it gives you the computer data that you're after but then it
gives you the user data of the elevated account (e.g. local administrator).
Bummer. So you really have to run GPResult twice if you're not already an
admin on a box. Part of the new secure world we live in.

 

Darren

 

 

 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Mills, Mark
Sent: Friday, September 15, 2006 8:13 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Vista's Gpresult no longer showing Computer settings?

I ran a gpresult on VistaRC1 and gpresult doesn't show the Computer settings
section of GPResult?

 

 

 

Here is a capture of the Gpresult - Notice there is not a Computer settings
section:

 

 

U:\>psexec \\vistarc1_9-1-06 -u DA\Vista -p V1staOS cmd

PsExec v1.31 - execute processes remotely
Copyright (C) 2001-2002 Mark Russinovich
www.sysinternals.com


Microsoft Windows [Version 6.0.5600]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>hostname
VistaRC1_9-1-06

C:\Windows\system32>gpresult

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 9/15/2006 at 9:45:08 AM


RSOP data for DA\Vista on VISTARC1_9-1-06 : Logging Mode
---------------------------------------------------------

OS Type:                     Microsoft® Windows Vista™ Ultimate
OS Configuration:            Member Workstation
OS Version:                  6.0.5600
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\Vista
Connected over a slow link?: No


USER SETTINGS  (here is the user settings - but no Computer settings showed up?)
--------------
    CN=VistaTester,OU=IT Users,OU=User Policies,OU=Active Group Policies,DC=mydomain,DC=com
    Last time Group Policy was applied: 9/15/2006 at 8:40:40 AM
    Group Policy was applied from:      domaincontroller.mydomain.com
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        DA
    Domain Type:                        Windows 2000 (actually 2003 domain and forest)

    Applied Group Policy Objects
    -----------------------------
        User - Printer - These specific PCs get the 8000 and 8550 Printer
        Default Domain Policy
        User -AD IT Group to added to Local Computer Admin Group
        User -All Mapped Drives
        User -Screen Saver Lock Computer after 1 hours inactivity
        User -IE Changes for IT
        User -Disable Offline Folder Synchronization
        User -My Documents Folder Redirection
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Computer -Disable Windows Security Center
            Filtering:  Disabled (GPO)

        Computer - Symantec Auto Install IT Group
            Filtering:  Not Applied (Empty)

        Computer -Disable OS Firewall while on Domain
            Filtering:  Disabled (GPO)

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Medium Mandatory Level

 

It doesn't matter if I am sitting in front of the PC or using psexec; I
cannot get gpresult to show the computer settings portion of gpresult.  (psexec
no longer works in interactive mode by the way, even using a local username
and password; it still works in default mode though.)

 

 

 

Mark Mills 

Office Phone:  281-444-2300 x113

Email: mark.mills@xxxxxxxxxxxxxxxxxxxxxx 
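
Added example, not part of the original thread or written by its participants: a PowerShell sketch of the workflow the replies describe, collecting computer RSoP and the logged-on user's RSoP from a single elevated prompt. The output folder, the -TargetUser parameter and the /r summary switch of current gpresult builds are assumptions (the RC1 build in the capture ran with no switch).

```powershell
# Added example: one elevated run, both halves of RSoP.
# Assumption: started from a console opened with "Run as administrator".
param(
    [string]$TargetUser,                               # placeholder, e.g. 'DOMAIN\user'
    [string]$OutDir = (Join-Path $env:TEMP 'rsop')     # hypothetical output folder
)

# Computer-scope RSoP is only returned to an elevated token, so check first.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    Write-Error 'Not elevated: gpresult will omit the computer settings section.'
    exit 1
}

# Default to the console user instead of the elevated account, otherwise the
# user section describes the administrator rather than the person logged on.
# Win32_ComputerSystem.UserName is empty for remote-only sessions.
if (-not $TargetUser) {
    $TargetUser = (Get-CimInstance Win32_ComputerSystem).UserName
}
if (-not $TargetUser) {
    Write-Error 'No interactive user found; pass -TargetUser explicitly.'
    exit 1
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$computerFile = Join-Path $OutDir 'computer.txt'
$userFile     = Join-Path $OutDir 'user.txt'

# Computer half: needs the elevated token.
& gpresult.exe /r /scope computer | Out-File $computerFile
# User half: /user points gpresult at the original account.
& gpresult.exe /user $TargetUser /r /scope user | Out-File $userFile

# Sanity check on section headers (English-locale header text assumed).
$checks = @(
    @{ File = $computerFile; Header = 'COMPUTER SETTINGS' },
    @{ File = $userFile;     Header = 'USER SETTINGS' }
)
foreach ($c in $checks) {
    $found = Select-String -Path $c.File -Pattern $c.Header -SimpleMatch -Quiet
    $state = if ($found) { 'present' } else { 'MISSING' }
    '{0,-18} {1,-8} {2}' -f $c.Header, $state, $c.File
}
```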

 
