• State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 20 subscribers
  • Views 3502 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how to detect the enforced gpo

shwu-ying.hunt
over 5 years ago

We are not able to find out how to detect the enforced GPO.  Is there a way to audit it?

  • 0 over 5 years ago
    my quess would be: you need to audit the target box to where the source DC pushes GPO to.
  • 0 over 5 years ago
    I'm with Aidar on this one - if you want to see the details of what was applied, you need to audit the end point. The changes are manifest as Registry modifications I believe.

    The only thing you will typically see on the DC side is that fact that the DC's computer account(s) is (are) doing stuff related to GPOs and then (I think) only if those GPOs are applicable to DCs.

    So, in a nutshell start by looking at activity by the DC computer accounts. Then, as noted, you will likely have to consider auditing the end point.

    FWIW, PoSh calls to the WINRM service on the end point can tell you what settings were GPO applied. Try:

    winrm get winrm/config

    This will show you what settings were applied via GPO.