Access Denied: Locating All the GPOs in Your Domain

To keep track of where other administrators and I have defined security policies, I'd like to generate a list of all the Group Policy Objects (GPOs) in my domain without having to open the Properties dialog box of each organizational unit (OU) and click the Group Policy tab. How can I generate such a list quickly?

You can see all the GPOs in your domain by looking in the \system\policies container in the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in. When you open the Active Directory Users and Computers snap-in, you won't at first see the System container. Choose View, Advanced Features from the console's menu bar, then navigate to the \system\policies container, as Figure 5 shows.

System is a special container in which Active Directory (AD) stores system objects such as IP Security (IPSec) policies, DNS records, GPOs, and other objects that don't belong in your usual OU hierarchy. AD stores GPOs in the \system\policies container. However, when you first view the GPOs in the Policies container, you'll see only the globally unique identifier (GUID) of each GPO, which isn't useful. Choose View, Columns from the console's menu bar, add Display Name to the displayed columns list, then click OK. Now, you'll be able to see all the GPOs in your domain with the same display name that you usually see when you view the Group Policy tab of an OU, site, or domain.

The only disadvantage of this method is that you can't edit GPOs from the Policies container or find out where a given GPO is linked. Therefore, another method is to right-click any OU, select Properties, click the Group Policy tab, click Add, then click All. You'll see all the GPOs in your domain, and you can right-click a GPO and select Edit, or—to find out where the GPO is linked—select Properties, then click the Links tab, which displays all the sites, domains, and OUs to which the GPO is linked.
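The same inventory can be scripted. The following is an added example, not part of the original column: it reads the \system\policies container directly, pairs each GPO's GUID with its display name, and lists the sites, domains, and OUs that link to it. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the account running it can read the domain and configuration partitions.

```powershell
# Added example (not from the original column).
# Assumes the ActiveDirectory module (RSAT) and read access to AD.
Import-Module ActiveDirectory

$domainDN   = (Get-ADDomain).DistinguishedName
$configDN   = (Get-ADRootDSE).configurationNamingContext
$policiesDN = "CN=Policies,CN=System,$domainDN"

# Each GPO is a groupPolicyContainer object whose name is its GUID;
# the displayName attribute holds the friendly name shown on the Group Policy tab.
$gpos = Get-ADObject -SearchBase $policiesDN -SearchScope OneLevel `
    -LDAPFilter '(objectClass=groupPolicyContainer)' `
    -Properties displayName, whenChanged

# Objects that carry GPO links: the domain root and OUs are in the domain
# partition, site objects are in the configuration partition.
$targets = @(
    Get-ADObject -SearchBase $domainDN -LDAPFilter '(gPLink=*)' -Properties gPLink
    Get-ADObject -SearchBase "CN=Sites,$configDN" -LDAPFilter '(gPLink=*)' -Properties gPLink
)

$report = foreach ($gpo in $gpos) {
    # gPLink contains the DN of every linked GPO, so look for this GPO's GUID in it.
    $linkedTo = @($targets | Where-Object {
        $_.gPLink.IndexOf($gpo.Name, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })

    [pscustomobject]@{
        DisplayName = $gpo.displayName
        Guid        = $gpo.Name
        LastChanged = $gpo.whenChanged
        Unlinked    = ($linkedTo.Count -eq 0)
        LinkedTo    = ($linkedTo.DistinguishedName -join '; ')
    }
}

# Unlinked GPOs sort first: they apply nowhere and are candidates for review.
$report | Sort-Object @{ Expression = 'Unlinked'; Descending = $true }, DisplayName |
    Format-Table -AutoSize -Wrap
```

A link that appears in the report may still be disabled on the target; the link options are stored alongside each entry in the target's gPLink value and are not decoded here.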
