Analyzing Group Policy using the registry

PC Repair Tools

Advanced Registry Cleaner PC Diagnosis and Repair

Get Instant Access

When Group Policy objects are applied to a computer, the computer stores important information about the Group Policy objects it is applying in the last place you'd look: the registry. Information about computer policies is stored under the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Pol-icy\History key. Information about user policies (relating to the currently logged on user) is stored under the HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur-rentVersion\Group Policy\History key.

To view this information, follow these steps:

1. Click Start, and then click Run. Type Regedit, and then click OK.

2. In the Registry Editor, navigate to one of the following two keys:

□ If you are troubleshooting problems relating to a computer policy, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVer-sion\Group Policy\History.

□ If you are troubleshooting problems relating to a user policy, navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVer-sion\Group Policy\History.

3. Expand the History key to reveal one or more subkeys relating to Group Policy Extensions.

4. Expand each of the Group Policy Extension keys. You will find one or more subkeys, numbered starting at 0.

The numbers indicate the order in which the policies were applied to the system. Lower numbers were applied first.

5. As shown in Figure 3.11, click each of the keys and examine the values contained within.

File Edit View Favorites Help EM_J Applets ^

1+1 Pi Control Panel Controls Folder O CSCSettings El Q DateTime El Q Dynamic Directory El Q Explorer

0 Extensions & D Group Policy i ID AppMgmt I It) GroupMembership ! t Q History

J Type

5>j(Defaultj j REG_SZ

@>|DispiayName REG_5Z

®D5Path REG_SZ

[^Extensions REG_5Z

©FileSysPath REG_SZ I^GPOLink ®GPOName ®Link l^lParam IS»] Options |Sj>] Version

I Data

(value not set) Default Domain Policy

LDAP: //CN=MachineJ CN={31B2F340-016D-11 D2-945F-00CO4FB984F [■{35378EAC-683F-11D2-A89 A-OOC04FBBCFA2H53D6AB1B-2488-11 [ \\CQHOWINERY, COM\S VS VOL\COHOWINERY ,COM\POLICIE5\{31B2i REG_DWORD 0x00000003 (3)

REG_SZ {31B2F34Q-Q16D-11D2-945F-00CO4FB984F9}-REG_5Z LDAP://DC=cohowineryJ DC=com REG_DWORD 0x00000000 (0) REG_DWORD 0x00000000 (0) REG_DWORD OxOOOfOOOf (983055)

My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\]827D319E-6EAC-l 1D2-A4EA-00CC

Figure 3.11 Group Policy information stored in the registry

An explanation of each of the registry values that can be used follows:

■ DisplayName. DisplayName is the friendly name of the GPO.

■ DSPath. DSPath is the distinguished name of the path to the GPO stored in Active Directory. This attribute will not be present for Local GPOs.

■ FileSysPath. FileSysPath is the path to the Group Policy template, or file-based policy, contained in a Group Policy object. If this is a GPO from the domain, the path will be a Universal Naming Convention (UNC) path to the SYSVOL share on the domain controllers. If this is a Local GPO, the path will be a local path that points to the structure beginning with the path %SystemRoot%\system32\Group-Policy.

■ GPOLink. The GPOLink value identifies what scope the GPO was applied to, therefore affecting the computer or user. The following values are valid:

□ 4= The GPO is linked to an organizational unit

■ GPOName. The GPOName value contains the name of the GPO as it is referenced. For GPOs associated with computers, this name will be the friendly name of the GPO. For GPOs stored in Active Directory, this will be the globally unique identifier (GUID) of the GPO.

■ lParam. The lParam value is used to perform various functions on GPOs.

■ Options. The Options value represents the options selected by the administrator when configuring the GPO link, such as whether to disable the GPO or to force the settings defined in the GPO on subcontainers.

■ Version. The Version registry value specifies the version number of the GPO when it was applied last. The number is used to determine if the GPO has changed since it was last applied.

In the context of troubleshooting, you can use this information to trace GPOs back to their source in Active Directory. You can also determine the order in which Group Policy objects were applied. If the order is not the order you expected, use the Active Directory Users And Computers console to modify the order in which Group Policy objects are applied.

Was this article helpful?

0 0
Advance SEO Techniques

Advance SEO Techniques

Turbocharge Your Traffic And Profits On Auto-Pilot. Would you like to watch visitors flood into your websites by the 1,000s, without expensive advertising or promotions? The fact is, there ARE people with websites doing exactly that right now. How is that possible, you ask? The answer is Advanced SEO Techniques.

Get My Free Ebook

Post a comment