Académique Documents
Professionnel Documents
Culture Documents
0 Comments
Want a quick way to see what GPOs are applied to your local
system, just using built in utilities? Using the GUI to manually view
what settings are applied is awkward and slow. ?Use the following
commands to see what policies are being handed down to the
system youre on and what theyre enforcing. ?This info can be
incredibly handy during a pentest in order to nd out the limitations
being imposed on a specic system youve compromised. It can
also be very valuable during a vulnerability assessment to spot-
check policies being passed down from the domain or forest a
workstation is a member of.
gpresult
C:Documents and Settingsbilly> gpresult
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 1/14
4/11/2017 ViewingGPOsontheCommandline
OS Type: Microsoft
Windows XP Professional
OS Configuration: Member
Workstation
OS Version: 5.1.2600
Domain Name: MARS
Domain Type: Windows 2000
Site Name: Default-First-
Site-Name
Roaming Profile:
Local Profile: C:Documents
and Settingsbilly
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=EARTH,OU=Goats,DC=mars,DC=local
Last time Group Policy was applied:
8/26/2011 at 3:03:25 PM
Group Policy was applied from:
phobos.mars.local
Group Policy slow link threshold: 500
kbps
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 2/14
4/11/2017 ViewingGPOsontheCommandline
BUILTINAdministrators
Everyone
NT AUTHORITYAuthenticated Users
USER SETTINGS
--------------
CN=Billy,OU=Goats,DC=mars,DC=local
Last time Group Policy was applied:
8/26/2011 at 3:03:20 PM
Group Policy was applied from:
phobos.mars.local
Group Policy slow link threshold: 500
kbps
gpresult /z
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 3/14
4/11/2017 ViewingGPOsontheCommandline
Microsoft (R) Windows (R) XP Operating
System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
OS Type: Microsoft
Windows XP Professional
OS Configuration: Member
Workstation
OS Version: 5.1.2600
Domain Name: MARS
Domain Type: Windows 2000
Site Name: Default-First-
Site-Name
Roaming Profile:
Local Profile: C:Documents
and Settingsbilly
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=EARTH,OU=Goats,DC=mars,DC=local
Last time Group Policy was applied:
8/26/2011 at 3:03:25 PM
Group Policy was applied from:
phobos.mars.local
Group Policy slow link threshold: 500
kbps
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 4/14
4/11/2017 ViewingGPOsontheCommandline
Software Installations
----------------------
N/A
Startup Scripts
---------------
N/A
Shutdown Scripts
----------------
N/A
Account Policies
----------------
GPO: Default Domain Policy
Policy:
MinimumPasswordAge
Computer Setting: 1
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 5/14
4/11/2017 ViewingGPOsontheCommandline
ResetLockoutCount
Computer Setting: 30
Audit Policy
------------
GPO: Pasture.Rules
Policy:
AuditPolicyChange
Computer Setting: Success
GPO: Pasture.Rules
Policy:
AuditDSAccess
Computer Setting: Success,
Failure
GPO: Pasture.Rules
Policy:
AuditAccountLogon
Computer Setting: Success,
Failure
GPO: Pasture.Rules
Policy:
AuditAccountManage
Computer Setting: Success
GPO: Pasture.Rules
Policy:
AuditLogonEvents
Computer Setting: Success,
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 6/14
4/11/2017 ViewingGPOsontheCommandline
Failure
User Rights
-----------
N/A
Security Options
----------------
GPO: Default Domain Policy
Policy:
RequireLogonToChangePassword
Computer Setting: Not
Enabled
GPO: Good.Goats
Policy:
EnableGuestAccount
Computer Setting: Not
Enabled
Restricted Groups
-----------------
N/A
System Services
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 7/14
4/11/2017 ViewingGPOsontheCommandline
---------------
N/A
Registry Settings
-----------------
N/A
Administrative Templates
------------------------
N/A
USER SETTINGS
--------------
CN=Billy,OU=Goats,DC=mars,DC=local
Last time Group Policy was applied:
8/26/2011 at 3:03:20 PM
Group Policy was applied from:
phobos.mars.local
Group Policy slow link threshold: 500
kbps
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 8/14
4/11/2017 ViewingGPOsontheCommandline
Domain Users
Everyone
BUILTINUsers
NT AUTHORITYINTERACTIVE
NT AUTHORITYAuthenticated Users
LOCAL
Software Installations
----------------------
N/A
Administrative Templates
------------------------
GPO: Good.Goats
Setting:
SoftwareMicrosoftWindowsCurrentVersionPolic
iesExplorer
State: Enabled
GPO: Good.Goats
Setting:
SoftwareMicrosoftWindowsCurrentVersionPolic
iesUninstall
State: Enabled
GPO: Pasture.Rules
Setting:
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled
GPO: Good.Goats
Setting:
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled
GPO: Good.Goats
Setting:
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 9/14
4/11/2017 ViewingGPOsontheCommandline
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled
GPO: Good.Goats
Setting:
SoftwareMicrosoftWindowsCurrentVersionPolic
iesSystem
State: Enabled
GPO: Pasture.Rules
Setting:
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled
GPO: Pasture.Rules
Setting:
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled
GPO: Pasture.Rules
Setting:
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled
GPO: Good.Goats
Setting:
SoftwarePoliciesMicrosoftWindowsControl
PanelDesktop
State: Enabled
GPO: Good.Goats
Setting:
SoftwareMicrosoftWindowsCurrentVersionPolic
iesUninstall
State: Enabled
Folder Redirection
------------------
N/A
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 10/14
4/11/2017 ViewingGPOsontheCommandline
-----------------------------------
-----
N/A
The user is a part of the following
security groups:
---------------------------------------
-------------
Domain Users
Everyone
BUILTINUsers
NT AUTHORITYINTERACTIVE
NT AUTHORITYAuthenticated Users
LOCAL
In this example the user is just a member of the default groups and
is fairly restricted.
Other information of note is the output of Account Policies which
lists what password policies are in effect for the workstation as well
as the domain. This can help gauge what type of password
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 11/14
4/11/2017 ViewingGPOsontheCommandline
Account Policies
----------------
GPO: Default Domain Policy
Policy:
MinimumPasswordAge
Computer Setting: 1
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 12/14
4/11/2017 ViewingGPOsontheCommandline
domain which the machine is joined to. This info can aid greatly in a
pentesters quest to gain further access into the network.
vulnerability management
Related Posts
Leave a Reply
Your email address will not be published. Required elds are marked *
Name *
Email *
Website
Comment
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 13/14
4/11/2017 ViewingGPOsontheCommandline
Post Comment
https://www.redspin.com/itsecurityblog/2011/09/viewinggposonthecommandline/ 14/14