1 Reply Latest reply on Oct 16, 2009 8:00 AM by Hamid Yusuf

    how to audit GPO settings?

    Matt Kreger

      I'm trying to figure out how to audit local (and domain) group policy settings on Windows servers.  Many of these things are set (seemingly) independently of the registry, or at least are not documented as to how or where they update the registry.


      An example:

      To disable automatic root certificate updates, you can set the following registry value to 0:



      But you can also disable root certificate updates using group policy, and if you do, it doesn't create that registry value or set it, so I'm not sure where / what to check to audit that setting.


      Of course, a great solution would be to have all the GPO settings parsed as extended objects.  Anyone done that yet?