Group Policy - Windows
Log In or Register to download the BES file, and more.

3 Votes

Versioning - This is the latest version.

1Group Policy - Windows4/24/2016 7:43:51 PM
2Group Policy - Windows5/10/2016 6:39:25 AM
3Group Policy - Windows7/19/2016 5:50:23 PM
4Group Policy - Windows9/13/2016 4:48:27 PM
5Group Policy - Windows10/17/2016 2:16:57 PM
6Group Policy - Windows11/14/2016 3:35:42 PM

Description

Provides the following pieces of information regarding Group Policy:

  1. Average network wait on startup
  2. Applied Group Policies
  3. Enforced Group Policies
  4. The Active Directory site the computer currently falls into
  5. Assigned Software Installations in Group Policy
  6. The currently connected domain controller
  7. If the computer is on a slow link
  8. Currently running startup and shutdown scripts
  9. Group Policy Preferences with tracing or debug logging enabled

The applied group policies and enforced group policies properties show the name of the group policy object, at what level the policy is linked (Site, Domain, OU) and at what OU in active directory the policy is linked at.

For general information or to report issues with C3 Inventory content please visit GitHub here: https://github.com/strawgate/C3-Inventory


Property Details

ID2998487
TitleGroup Policy - Windows
DomainBESC
Added by on 11/14/2016 3:35:42 PM
Last Modified by on 11/14/2016 3:35:42 PM
Counters 4393 Views / 87 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

Group Policy - Average Network Wait - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
values "AvgWaitTimeoutAtStartup" of keys "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\history" of native registry
Group Policy - Applied Policies - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
unique values of (it as string) of (value "DisplayName" of it, (if (it = 0) then "Unknown" else (if (it = 1) then "Local Group Policy" else (if (it = 2) then "Site Linked" else (if (it = 3) then "Domain Linked" else ("OU Linked"))))) of (value "GPOLink" of it as integer), value "Link" of it) of keys of keys of key "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\history" of native registry
Group Policy - Enforced Policies - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
unique values of (it as string) of (value "DisplayName" of it, (if (it = 0) then "Unknown" else (if (it = 1) then "Local Group Policy" else (if (it = 2) then "Site Linked" else (if (it = 3) then "Domain Linked" else ("OU Linked"))))) of (value "GPOLink" of it as integer), value "Link" of it) of keys whose (bit 1 of (value "Options" of it as integer as bit set) = true) of keys of key "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\history" of native registry
Group Policy - Site - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
value "Site-Name" of key "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\State\Machine" of native registry
Group Policy - Assigned Software Installation - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
(value "GPO Name" of it, value "Deployment Name" of it, value "GPO ID" of it) of keys of keys "HKEY_LOCAL_MACHINE\Software\microsofat\windows\currentversion\group policy\Appmgmt" of native registry
Group Policy - Connected Domain Controller - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
value "DCName" of keys "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\History" of native registry as string
Group Policy - On Slow Link - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
if (value "IsSlowLink" of key "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\History" of native registry as integer | 0 = 0) then false else true
Group Policy - Startup Scripts - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
unique values of (it as string) of (value "DisplayName" of it as string, value "FileSysPath" of it as string) of keys of keys "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup" of native registry
Group Policy - Shutdown Scripts - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
unique values of (it as string) of (value "DisplayName" of it as string, value "FileSysPath" of it as string) of keys of keys "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown" of native registry
Group Policy - Extensions with Debug Logging - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
(default value of it) of keys whose (set of names of (keys whose (value "LogLevel" of it as string != "0") of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy" of native registry) contains name of it ) of key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions" of native registry
Group Policy - Extensions with Tracing Enabled - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
(default value of it) of keys whose (set of names of (keys whose (value "LogLevel" of it as string != "0") of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy" of native registry) contains name of it ) of key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions" of native registry
Group Policy - Local Policy Settings - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
unique values of (it as string) of (string value of property "registryKey" of it | "", string value of property "valueName" of it, (if (length of (property "value" of it as string) <= 16) then /* For short values convert the byte array*/((/*Convert to integer*/ hexadecimal integer /* Reverse the bytes */(concatenations of substrings separated by "," of concatenation of characters ( lengths of following texts of positions of it ) of concatenation "," of (concatenation of characters ( lengths of following texts of positions of it ) of it ) of /*Get bytes */(integer values of property "value" of it as hexadecimal))) as string | "") else /* Long values let BigFix do it*/ (following text of first "value=" of (preceding text of last "%00" of it | it) of (preceding text of last "%0d%0a" of it | it) of (property "value" of it as string)))) of SELECT objects "* FROM RSOP_RegistryPolicySetting WHERE GPOID='LocalGPO' and valueName != ''" /* valueName != '' removes blank keys, not sure if this breaks anything*/ of rsop computer wmi

Relevance

isWindows (Relevance 1172)
Used in 1111 fixlets and 524 analyses   * Results in a true/false
Show indented relevance
windows of operating system
Used in 27 fixlets and 130 analyses   * Results in a true/false
Show indented relevance
NOT in proxy agent context

Sharing

Social Media:
Share this page on Yammer

Comments