That is all I am after is the "configured" settings. Don't need the others. I believe I could be happy if I had a printout of the policy settings in "expanded view", then I would have paper copy showing me what I should set under computer and under user. If I am working on several different machines with in a few days, I probably can remember them, but if its been a week or two or more, then... I may not. How do I "throw it all into a spreadsheet"?? ________________________________ From: gptalk-bounce@xxxxxxxxxxxxx on behalf of Cruz, Jerome L Sent: Fri 1/16/2009 8:06 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: local security policy & local group policy The problem is that the RSoP.msc and GPMC reports only display 'configured' settings delivered from GPOs, not all the settings that exist. [Even the Security Config and Analysis Snap-in is limited in this manner.] That said, there is a local "security settings dump utility" called Secedit. For Windows Server 2003, you can use the following command line in a CMD prompt to dump the info: secedit /export /cfg secdump.inf Also, you should review KB article: http://support.microsoft.com/kb/914041 One of the issues is that the data exported is in INF template format. This means you have to know what each setting actually is. Some are obvious, some less so, and some 'really' hard to match up. I'm positive that there are other utilities to get the data, but I haven't needed anything else...at least not yet! hmmm.. XX days until you have to change your password, okay, that's pretty easy... MaximumPasswordAge = XX ... Ummm... Digital Signing required? Server or client? MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0 ... What? Some User Right's Assignment setting, but SID lookup as well, geez... SeCreateGlobalPrivilege = *S-1-5-32-XXX,*S-1-5-XXX You can do quite a bit of matching by having the Local Security Policies console open, but it's hard to get "all" the values matched up. Of course, once you do have all the matches, then you can dump any number of machines and throw it all into a spreadsheet. Also, many times, I only need a few settings, so just work on those you really need since the Secedit utility will allow you to dump specific sections. Jerry Cruz | Group Policies Product Manager | Windows Infrastructure Architecture | Boeing IT From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Friday, January 16, 2009 12:26 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: local security policy & local group policy No, sadly it won't. I don't recall if RSOP.MSC has any kind of export capability but you might try that. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Dave Clapham Sent: Friday, January 16, 2009 12:17 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: local security policy & local group policy Will it still do that for those computers that aren't part of the domain? From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie Sent: Friday, January 16, 2009 1:51 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: local security policy & local group policy Sounds like you want the GP Results Wizard in GPMC. It can run a RSoP against a remote system and give you a nice HTML report which you can print and/or save. Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 | http://www.dvn.com <http://www.dvn.com/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Dave Clapham Sent: Friday, January 16, 2009 1:27 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: local security policy & local group policy I tried the gpresult /z >gp.txt but it didn't give the me desired results. Its close but doesn't drill down deep enough to tell me the policy name, etc.. So does anyone make something that will tell me what policies have been set? I would prefer a free solution but that doesn't look very promising. So how about payware?? Dave From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia Sent: Thursday, January 15, 2009 9:36 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: local security policy & local group policy Daniel- If you are talking about the Local Security Policy shortcut that you see in Administrative Tools, then that is simply an MMC snap-in tool focused on the security portion of the local GPO. So you are essentially looking at a subset of the Local GPO. That being said, security policy on the local GPO is made against the live system, instead of being stored in settings files like it is for other local GPO settings. That makes it somewhat special and often troublesome to manage. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of daniel Sent: Thursday, January 15, 2009 7:02 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] local security policy & local group policy hi all, simple question. what is the difference between the local security policy and the local group policy? daniel. ________________________________ Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.