JSI Tip 2487. What group policies have been applied?


In tip 2486, we enabled user environment event logging.

You can also see a history of the application of group policies by inspecing the registry.

To inspect the group policies applied to your local computer, use Regedt32 to navigate to:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History

To inspect the group policies applied to your account, navigate to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History

Each sub-key represents an installed Group Policy Extension and each Group Policy Object is a subkey numbered from 0, the first GPO applied.

The Value Names and meaning are:

DisplayName is the name of the GPO per the Active Directory Management and Group Policy Editor
                   administration tool.

DSPath      is the Distinguished Name (DN) of the path to the GPO stored in the 
                   Active Directory (AD).
                   Example: LDAP://CN=Machine,CN=\{GUID of GPO\},CN=Policies,CN=System,DC=... 
                   Not present for Local GPO because there is no local AD storage.
 
FileSysPath is the path to the Group Policy Template (GPT), or file-based policy, 
                   contained in the Group Policy. This is either the UNC to the domain controller's SYSVOL
                   or the local path (%SystemRoot%\system32\GroupPolicy\...).

GPOLink     The scope of the GPO:
                   0= No link information
                   1= The GPO is linked to a machine (local)
                   2= The GPO is linked to a Site
                   3= The GPO is linked to a Domain
                   4= The GPO is linked to an Organizational Unit 

GPOName     is the GPO name, either friendly or the GUID if stored in the AD.

lParam      is used to perform various functions on GPOs. This value can be customized by Group Policy Extensions.

Options     is selected by the administrator, such as to enable/disable the GPO or 
                   force the settings defined in the GPO on subcontainers.

Version     is the GPO version when last applied and is used to determine if the GPO has since changed.
 

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish