Checking Local Group Policy
There may be times when you want to check the Local Group Policy Settings on a desktop machine.
While using the Group Policy Results Wizard is the simplest way to view the Group Policy settings that apply to a remote machine, there may be times when you want to check the Local Group Policy Settings on a desktop machine. Group Policy is applied according to the mnemonic LSDOU, which means Local Group Policy firest, then GPOs linked to the AD site the machine belongs to, then GPOs linked to the domain the machine belongs to, and finally GPOs linked to the OUs the machine belongs to (directly or by view of a hierarchical OU structure). So an LGPO setting *can* cause problems if it’s not overridden by a site, domain or OU policy setting.
Here’s a simple way of checking the Local GPO on a user’s machine while the user is logged on:
1. Ask them to turn their head or go away so they don’t see you type a password.
2. Open a command prompt and type runas /user:machinenameusername “mmc gpedit.msc” where machinename is the name of the user’s computer and username is the name of the local administrator account on that machine.
3. Type the password for the local administrator account on that machine.
Group Policy Object Editor now opens and displays the *local* Group Policy settings that are defined on that machine. You can tell it’s the LGPO since the root node is displayed as Local Computer Policy.
Further tips:
– Typing runas gpedit.msc doesn’t work because *.msc files aren’t executable. You must type runas “mmc gpedit.msc”
– Local Group Policy settings aren’t displayed when you run the Group Policy Results wizard in the GPMC, which is a good reason for never configuring local computer policies in the first place!
– Why would some computers from older Windows 2000/XP deployments actually have local computer policies configured? Usually when an administrator has run the Security Configuration and Analysis console on the machine to apply a secure or highly secure template to the machine for security reasons before the machine joined the domain.
Article written by MyComputerAid.com
2003 server - Sep 30, 2008 22:34 - 0 Comments
instant messaging srv records
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Microsoft Outlook - Mar 22, 2009 11:22 - 0 Comments
Outlook: Duplicates in Mailbox
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Microsoft Desktop, Web browsers and Internet, Windows 2000, Windows 7, Windows 98, Windows Firewall and networking, Windows Vista, Windows XP - Feb 8, 2010 18:09 - 0 Comments
Disable Proxy settings in IE
More In Computers & PC
- Howto secure wordpress
- Simple wordpress upgrade from SSH howto
- permanently delete your facebook account
- Creating a Sound File
- Talking to the Mouse
Leave a Reply
You must be logged in to post a comment.