Forum Discussion
d_irving
Aug 08, 2022, Copper Contributor
Policy Analyzer showing incorrect values
Today I created a backup of my group policy objects and compared them to Microsoft's baselines. But, the GPO backup seems to be displaying the wrong values in Policy Analyzer. As seen in...
AaronMargosis_Tanium
Aug 08, 2022, Iron Contributor
In that Policy Analyzer window, enable Options \ Show GPO names and files in Details pane.
That will tell you exactly what files contain the settings being displayed. Find the GptTmpl.inf files corresponding to the settings that appear to be wrong.
- d_irving, Aug 09, 2022, Copper Contributor
I found the GptTmpl.inf for those two policy settings and it displays this -
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,0
What am I supposed to do with this information?
- AaronMargosis_Tanium, Aug 09, 2022, Iron Contributor
d_irving Well, it's showing that Policy Analyzer is correctly rendering the GPOs you backed up.
The syntax for the [Registry Values] part of the security template is:
key\valuename=type,data
type 4 is REG_DWORD, and it's set to 0, which is what Policy Analyzer is reporting.
Are you certain that the GPOs you're backing up and importing into Policy Analyzer are the same ones that you're looking at on the right-hand side of the screenshot you posted?
- d_irving, Aug 09, 2022, Copper Contributor
Yes, I backed up all the GPOs and put them into the policy analyzer.
The policy analyzer shows the setting is from the Default Domain Policy, but the Default Domain Policy is shown on the right with different settings.
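Added example (not part of the original thread, and not Policy Analyzer's own code): a small Python parser for the [Registry Values] section of a GptTmpl.inf, decoding each line as type and data the way the reply above describes, so the same setting can be listed per backup file. The sample template is constructed around the two lines quoted in the thread, and the function names are illustrative.

```python
import sys
from pathlib import Path

# Registry value type numbers (standard Windows REG_* constants).
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ"}

# Constructed sample built around the two lines quoted in the thread.
SAMPLE = r"""[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,0
[Version]
signature="$CHICAGO$"
"""

def decode_template(raw: bytes) -> str:
    """Templates are commonly UTF-16 with a BOM; otherwise assume UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")

def parse_registry_values(text: str) -> dict:
    """Return {registry value path: (type_name, data)} from [Registry Values]."""
    settings, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[registry values]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, rhs = line.partition("=")
        type_num, _, data = rhs.partition(",")
        type_num = int(type_num)
        type_name = REG_TYPES.get(type_num, f"type {type_num}")
        if type_num == 4:                 # REG_DWORD data is a decimal integer
            data = int(data)
        settings[name.strip()] = (type_name, data)
    return settings

if __name__ == "__main__":
    # Pass one or more GptTmpl.inf paths; with none, the sample is parsed.
    texts = {p: decode_template(Path(p).read_bytes()) for p in sys.argv[1:]}
    for path, text in (texts or {"<sample>": SAMPLE}).items():
        for name, (type_name, data) in parse_registry_values(text).items():
            print(f"{path}: {name} = {type_name} {data}")
```

Running it over every GptTmpl.inf in a backup folder shows which file supplies each value, which is the same information Policy Analyzer's Details pane gives.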