4/11/2017 ViewingGPOsontheCommandline

Viewing GPOs on the Commandline

September 2, 2011 Redspin Penetration Testing, Security Tools

0 Comments

Want a quick way to see what GPOs are applied to your local
system, just using built in utilities? Using the GUI to manually view
what settings are applied is awkward and slow. ?Use the following
commands to see what policies are being handed down to the
system youre on and what theyre enforcing. ?This info can be
incredibly handy during a pentest in order to nd out the limitations
being imposed on a specic system youve compromised. It can
also be very valuable during a vulnerability assessment to spot-
check policies being passed down from the domain or forest a
workstation is a member of.

Open a command prompt and enter the following command to see

all GPOs that are being applied to your system:

gpresult

This will show the most basic output

C:Documents and Settingsbilly> gpresult

Microsoft (R) Windows (R) XP Operating

System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 8/26/2011 at 3:24:13 PM

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 1/14
4/11/2017 ViewingGPOsontheCommandline

RSOP results for MARSbilly on EARTH :

Logging Mode
-------------------------------------------
---------

OS Type: Microsoft
Windows XP Professional
OS Configuration: Member
Workstation
OS Version: 5.1.2600
Domain Name: MARS
Domain Type: Windows 2000
Site Name: Default-First-
Site-Name
Roaming Profile:
Local Profile: C:Documents
and Settingsbilly
Connected over a slow link?: No

COMPUTER SETTINGS
------------------
CN=EARTH,OU=Goats,DC=mars,DC=local
Last time Group Policy was applied:
8/26/2011 at 3:03:25 PM
Group Policy was applied from:
phobos.mars.local
Group Policy slow link threshold: 500
kbps

Applied Group Policy Objects

-----------------------------
Pasture.Rules
Good.Goats
Default Domain Policy

The following GPOs were not applied

because they were filtered out
---------------------------------------
----------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following

security groups:
---------------------------------------
-----------------

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 2/14
4/11/2017 ViewingGPOsontheCommandline

BUILTINAdministrators
Everyone
NT AUTHORITYAuthenticated Users

USER SETTINGS
--------------
CN=Billy,OU=Goats,DC=mars,DC=local
Last time Group Policy was applied:
8/26/2011 at 3:03:20 PM
Group Policy was applied from:
phobos.mars.local
Group Policy slow link threshold: 500
kbps

Applied Group Policy Objects

-----------------------------
Pasture.Rules
Good.Goats
Default Domain Policy

The following GPOs were not applied

because they were filtered out
---------------------------------------
----------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following

security groups:
---------------------------------------
-------------
Domain Users
Everyone
BUILTINUsers
NT AUTHORITYINTERACTIVE
NT AUTHORITYAuthenticated Users
LOCAL

To see additional detail including the specic settings within the

applied GPOs use the following command

gpresult /z

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 3/14
4/11/2017 ViewingGPOsontheCommandline

Microsoft (R) Windows (R) XP Operating
System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 8/26/2011 at 3:35:13 PM

RSOP results for MARSbilly on EARTH :

Logging Mode
-------------------------------------------
---------

OS Type: Microsoft
Windows XP Professional
OS Configuration: Member
Workstation
OS Version: 5.1.2600
Domain Name: MARS
Domain Type: Windows 2000
Site Name: Default-First-
Site-Name
Roaming Profile:
Local Profile: C:Documents
and Settingsbilly
Connected over a slow link?: No

COMPUTER SETTINGS
------------------
CN=EARTH,OU=Goats,DC=mars,DC=local
Last time Group Policy was applied:
8/26/2011 at 3:03:25 PM
Group Policy was applied from:
phobos.mars.local
Group Policy slow link threshold: 500
kbps

Applied Group Policy Objects

-----------------------------
Pasture.Rules
Good.Goats
Default Domain Policy

The following GPOs were not applied

because they were filtered out
---------------------------------------
----------------------------

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 4/14
4/11/2017 ViewingGPOsontheCommandline

Local Group Policy

Filtering: Not Applied (Empty)

The computer is a part of the following

security groups:
---------------------------------------
-----------------
BUILTINAdministrators
Everyone
NT AUTHORITYAuthenticated Users

Resultant Set Of Policies for Computer:

---------------------------------------
-

Software Installations
----------------------
N/A

Startup Scripts
---------------
N/A

Shutdown Scripts
----------------
N/A

Account Policies
----------------
GPO: Default Domain Policy
Policy:
MinimumPasswordAge
Computer Setting: 1

GPO: Default Domain Policy

Policy:
PasswordHistorySize
Computer Setting: 24

GPO: Default Domain Policy

Policy:
LockoutDuration
Computer Setting: 30

GPO: Default Domain Policy

Policy:

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 5/14
4/11/2017 ViewingGPOsontheCommandline

ResetLockoutCount
Computer Setting: 30

GPO: Default Domain Policy

Policy:
MinimumPasswordLength
Computer Setting: 7

GPO: Default Domain Policy

Policy:
LockoutBadCount
Computer Setting: 5

GPO: Default Domain Policy

Policy:
MaximumPasswordAge
Computer Setting: 42

Audit Policy
------------
GPO: Pasture.Rules
Policy:
AuditPolicyChange
Computer Setting: Success

GPO: Pasture.Rules
Policy:
AuditDSAccess
Computer Setting: Success,
Failure

GPO: Pasture.Rules
Policy:
AuditAccountLogon
Computer Setting: Success,
Failure

GPO: Pasture.Rules
Policy:
AuditAccountManage
Computer Setting: Success

GPO: Pasture.Rules
Policy:
AuditLogonEvents
Computer Setting: Success,

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 6/14
4/11/2017 ViewingGPOsontheCommandline

Failure

User Rights
-----------
N/A

Security Options
----------------
GPO: Default Domain Policy
Policy:
RequireLogonToChangePassword
Computer Setting: Not
Enabled

GPO: Good.Goats
Policy:
EnableGuestAccount
Computer Setting: Not
Enabled

GPO: Default Domain Policy

Policy:
PasswordComplexity
Computer Setting: Enabled

GPO: Default Domain Policy

Policy:
ForceLogoffWhenHourExpire
Computer Setting: Not
Enabled

GPO: Default Domain Policy

Policy:
ClearTextPassword
Computer Setting: Not
Enabled

Event Log Settings

------------------
N/A

Restricted Groups
-----------------
N/A

System Services

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 7/14
4/11/2017 ViewingGPOsontheCommandline

---------------
N/A

Registry Settings
-----------------
N/A

File System Settings

--------------------
N/A

Public Key Policies

-------------------
N/A

Administrative Templates
------------------------
N/A

USER SETTINGS
--------------
CN=Billy,OU=Goats,DC=mars,DC=local
Last time Group Policy was applied:
8/26/2011 at 3:03:20 PM
Group Policy was applied from:
phobos.mars.local
Group Policy slow link threshold: 500
kbps

Applied Group Policy Objects

-----------------------------
Pasture.Rules
Good.Goats
Default Domain Policy

The following GPOs were not applied

because they were filtered out
---------------------------------------
----------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following

security groups:
---------------------------------------
-------------

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 8/14
4/11/2017 ViewingGPOsontheCommandline

Domain Users
Everyone
BUILTINUsers
NT AUTHORITYINTERACTIVE
NT AUTHORITYAuthenticated Users
LOCAL

Resultant Set Of Policies for User:

------------------------------------

Software Installations
----------------------
N/A

Public Key Policies

-------------------
N/A

Administrative Templates
------------------------
GPO: Good.Goats
Setting:
SoftwareMicrosoftWindowsCurrentVersionPolic
iesExplorer
State: Enabled

GPO: Good.Goats
Setting:
SoftwareMicrosoftWindowsCurrentVersionPolic
iesUninstall
State: Enabled

GPO: Pasture.Rules
Setting:
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled

GPO: Good.Goats
Setting:
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled

GPO: Good.Goats
Setting:

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 9/14
4/11/2017 ViewingGPOsontheCommandline

SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled

GPO: Good.Goats
Setting:
SoftwareMicrosoftWindowsCurrentVersionPolic
iesSystem
State: Enabled

GPO: Pasture.Rules
Setting:
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled

GPO: Pasture.Rules
Setting:
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled

GPO: Pasture.Rules
Setting:
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled

GPO: Good.Goats
Setting:
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled

GPO: Good.Goats
Setting:
SoftwareMicrosoftWindowsCurrentVersionPolic
iesUninstall
State: Enabled

Folder Redirection
------------------
N/A

Internet Explorer Browser User

Interface

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 10/14
4/11/2017 ViewingGPOsontheCommandline

-----------------------------------
-----
N/A

Internet Explorer Connection

----------------------------
N/A

Internet Explorer URLs

----------------------
N/A

Internet Explorer Security

--------------------------
N/A

Internet Explorer Programs

--------------------------
N/A

Data of particular interest to an attacker is output of the security

group information, which lists what security groups the user account
youre logged in as belongs to.

The user is a part of the following
security groups:
---------------------------------------
-------------
Domain Users
Everyone
BUILTINUsers
NT AUTHORITYINTERACTIVE
NT AUTHORITYAuthenticated Users
LOCAL

In this example the user is just a member of the default groups and
is fairly restricted.
Other information of note is the output of Account Policies which
lists what password policies are in effect for the workstation as well
as the domain. This can help gauge what type of password

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 11/14
4/11/2017 ViewingGPOsontheCommandline

guessing you can perform against other machines on the domain

without locking accounts out.

Account Policies
----------------
GPO: Default Domain Policy
Policy:
MinimumPasswordAge
Computer Setting: 1

GPO: Default Domain Policy

Policy:
PasswordHistorySize
Computer Setting: 24

GPO: Default Domain Policy

Policy:
LockoutDuration
Computer Setting: 30

GPO: Default Domain Policy

Policy:
ResetLockoutCount
Computer Setting: 30

GPO: Default Domain Policy

Policy:
MinimumPasswordLength
Computer Setting: 7

GPO: Default Domain Policy

Policy:
LockoutBadCount
Computer Setting: 5

GPO: Default Domain Policy

Policy:
MaximumPasswordAge
Computer Setting: 42

All of this data can be accessed as a normal, limited user account

and reveals a wealth of information about the conguration of the

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 12/14
4/11/2017 ViewingGPOsontheCommandline

domain which the machine is joined to. This info can aid greatly in a
pentesters quest to gain further access into the network.

penetration test vulnerability assessment

vulnerability management

Share This Page

Related Posts

Converting Lots of Attacking Webmail Get a Meterpreter

PDFs to TXTs in User Accounts Shell Using SMB
Ubuntu/Debian Credentials
Webmail is
For those of you absolutely The Meterpreter
who are everywhere. I shell in
struggling to nd rarely come Metasploit is a
a way to convert across a fantastic way to
PDF les corporate interact with a

Leave a Reply
Your email address will not be published. Required elds are marked *

Name *

Email *

Website

Comment

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 13/14
4/11/2017 ViewingGPOsontheCommandline

Post Comment

https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 14/14