Sign in with
Sign up | Sign in
Your question

How to export W2K Effective Policy Setting?

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
March 22, 2005 4:05:03 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi All,
I am trying to export Resultant Set Of Policies, or RSOP, meaning
"effective policy" using the below Secedit command in a batch file,
%SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf /areas
SECURITYPOLICY /quiet

I am getting the information from W2K3 and Xp but for W2K it appears to only
pick up the local policy setting. It is strange that when in Local Security
Settings and select Action and then Export List (this includes both policy
settings). Can someone here if you have any advice on how to pickup these
settings for Windows 2000 servers? Thanks in Advance.

Regards,
Murali.
Anonymous
a b 8 Security
March 22, 2005 1:51:22 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I am not sure if this will help but for Windows 2000 try specifying the
secedit.sdb [full path] in your secedit command. --- Steve


"Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
> Hi All,
> I am trying to export Resultant Set Of Policies, or RSOP, meaning
> "effective policy" using the below Secedit command in a batch file,
> %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
> /areas
> SECURITYPOLICY /quiet
>
> I am getting the information from W2K3 and Xp but for W2K it appears to
> only
> pick up the local policy setting. It is strange that when in Local
> Security
> Settings and select Action and then Export List (this includes both policy
> settings). Can someone here if you have any advice on how to pickup these
> settings for Windows 2000 servers? Thanks in Advance.
>
> Regards,
> Murali.
>
Anonymous
a b 8 Security
March 23, 2005 10:15:51 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Support for RSoP was introduced with XP and Windows 2003.
I was not aware the underlying support had been backported to
Windows 2000.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
> Hi All,
> I am trying to export Resultant Set Of Policies, or RSOP, meaning
> "effective policy" using the below Secedit command in a batch file,
> %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
/areas
> SECURITYPOLICY /quiet
>
> I am getting the information from W2K3 and Xp but for W2K it appears to
only
> pick up the local policy setting. It is strange that when in Local
Security
> Settings and select Action and then Export List (this includes both policy
> settings). Can someone here if you have any advice on how to pickup these
> settings for Windows 2000 servers? Thanks in Advance.
>
> Regards,
> Murali.
>
Related resources
Anonymous
a b 8 Security
March 23, 2005 10:15:52 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks for that direction. I tried the below code and it is not working in
Windows 2000 but working for XP and 2003. Seem that RsOP is not supported for
Windows 2000. I still do not know what is the solution for Windows 2000.

strDomain = "."
Set objWMIService = GetObject _
("winmgmts:\\" & strDomain & "\root\rsop\computer")

Set colItems = objWMIService.ExecQuery("Select * from
RSOP_SecuritySettingBoolean")


For Each objItem in colItems
Wscript.Echo "Category: " & objItem.KeyName
Wscript.Echo "Precedence: " & objItem.Setting
'Wscript.Echo "Failure: " & objItem.Failure
'Wscript.Echo "Success: " & objItem.Success
Wscript.Echo
Next


Set colItems = objWMIService.ExecQuery("Select * from
RSOP_SecuritySettingNumeric")


For Each objItem in colItems
Wscript.Echo "Category: " & objItem.KeyName
Wscript.Echo "Precedence: " & objItem.Setting
'Wscript.Echo "Failure: " & objItem.Failure
'Wscript.Echo "Success: " & objItem.Success
Wscript.Echo
Next

"Roger Abell" wrote:

> Support for RSoP was introduced with XP and Windows 2003.
> I was not aware the underlying support had been backported to
> Windows 2000.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
> news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
> > Hi All,
> > I am trying to export Resultant Set Of Policies, or RSOP, meaning
> > "effective policy" using the below Secedit command in a batch file,
> > %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
> /areas
> > SECURITYPOLICY /quiet
> >
> > I am getting the information from W2K3 and Xp but for W2K it appears to
> only
> > pick up the local policy setting. It is strange that when in Local
> Security
> > Settings and select Action and then Export List (this includes both policy
> > settings). Can someone here if you have any advice on how to pickup these
> > settings for Windows 2000 servers? Thanks in Advance.
> >
> > Regards,
> > Murali.
> >
>
>
>
Anonymous
a b 8 Security
March 23, 2005 10:19:09 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi thanks for your help. I tried the full path still the command does not
appear to pickup the effective settings. I have issued additional command
"Secedit /refreshpolicy machine_policy /enforce" But the the problem is, once
the refresh is done, the local policy setting is overlayed into the effective
setting!

"Steven L Umbach" wrote:

> I am not sure if this will help but for Windows 2000 try specifying the
> secedit.sdb [full path] in your secedit command. --- Steve
>
>
> "Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
> news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
> > Hi All,
> > I am trying to export Resultant Set Of Policies, or RSOP, meaning
> > "effective policy" using the below Secedit command in a batch file,
> > %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
> > /areas
> > SECURITYPOLICY /quiet
> >
> > I am getting the information from W2K3 and Xp but for W2K it appears to
> > only
> > pick up the local policy setting. It is strange that when in Local
> > Security
> > Settings and select Action and then Export List (this includes both policy
> > settings). Can someone here if you have any advice on how to pickup these
> > settings for Windows 2000 servers? Thanks in Advance.
> >
> > Regards,
> > Murali.
> >
>
>
>
Anonymous
a b 8 Security
March 25, 2005 12:34:16 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hmm. Merged policy switch is shown as an option with Windows 2000 though I
have never tried it myself. The export effective settings in Local Security
Policy usually works but I don't think that will help with what you are
trying to do. --- Steve


"Murali.A" <MuraliA@discussions.microsoft.com> wrote in message
news:C7FB3450-993F-4651-95AC-5E54A7C01EE7@microsoft.com...
> Hi thanks for your help. I tried the full path still the command does not
> appear to pickup the effective settings. I have issued additional command
> "Secedit /refreshpolicy machine_policy /enforce" But the the problem is,
> once
> the refresh is done, the local policy setting is overlayed into the
> effective
> setting!
>
> "Steven L Umbach" wrote:
>
>> I am not sure if this will help but for Windows 2000 try specifying the
>> secedit.sdb [full path] in your secedit command. --- Steve
>>
>>
>> "Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
>> news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
>> > Hi All,
>> > I am trying to export Resultant Set Of Policies, or RSOP, meaning
>> > "effective policy" using the below Secedit command in a batch file,
>> > %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
>> > /areas
>> > SECURITYPOLICY /quiet
>> >
>> > I am getting the information from W2K3 and Xp but for W2K it appears to
>> > only
>> > pick up the local policy setting. It is strange that when in Local
>> > Security
>> > Settings and select Action and then Export List (this includes both
>> > policy
>> > settings). Can someone here if you have any advice on how to pickup
>> > these
>> > settings for Windows 2000 servers? Thanks in Advance.
>> >
>> > Regards,
>> > Murali.
>> >
>>
>>
>>
Anonymous
a b 8 Security
March 31, 2005 7:51:11 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Win2k doesn't support RSoP.

Remove the /mergedpolicy switch from your command line. With it you will
get the local policy table. Without it you will get the combined group
policy + local policy table. Don't use the /db parameter when you run this
either so it defaults to using secedit.sdb.

N

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer. Use of included script samples are subject
to the terms specified at http://www.microsoft.com/info/cpyright.htm


"Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
> Hi All,
> I am trying to export Resultant Set Of Policies, or RSOP, meaning
> "effective policy" using the below Secedit command in a batch file,
> %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
> /areas
> SECURITYPOLICY /quiet
>
> I am getting the information from W2K3 and Xp but for W2K it appears to
> only
> pick up the local policy setting. It is strange that when in Local
> Security
> Settings and select Action and then Export List (this includes both policy
> settings). Can someone here if you have any advice on how to pickup these
> settings for Windows 2000 servers? Thanks in Advance.
>
> Regards,
> Murali.
>
Anonymous
a b 8 Security
April 3, 2005 5:23:01 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hello Nick,
Thanks for your valuable suggestion. You are correct RSoP is not supported
in W2k. I tried the below even before I applied the switch mergedpolicy and
/db parameter not used,
%SystemRoot%\system32\secedit.exe /export /cfg dump.inf
I am only getting the local policy table and I am unable to the the combined
group policy + local policy table.
Example:
In window 2000 server, I set the password history setting for local to 5,
the effective setting was left at 6. Once the above command runs, the
results of the example is 5.
After that I tried another command,
%SystemRoot%\system32\secedit.exe /refreshpolicy machine_policy /enforce
%SystemRoot%\system32\secedit.exe /export /cfg dump.inf
I set the password history setting for local to 5, the effective setting was
left at 6. Once the script runs, the effective setting is changed to 5. The
results of the check for this example is 5. So still it does not appear to
pickup the effective settings. Any thought on this! I am not sure how this is
working in your server.

Thanks & Regards,
Murali.

"Nick Finco [MSFT]" wrote:

> Win2k doesn't support RSoP.
>
> Remove the /mergedpolicy switch from your command line. With it you will
> get the local policy table. Without it you will get the combined group
> policy + local policy table. Don't use the /db parameter when you run this
> either so it defaults to using secedit.sdb.
>
> N
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Any opinions or policies stated within are my own and do not necessarily
> constitute those of my employer. Use of included script samples are subject
> to the terms specified at http://www.microsoft.com/info/cpyright.htm
>
>
> "Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
> news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
> > Hi All,
> > I am trying to export Resultant Set Of Policies, or RSOP, meaning
> > "effective policy" using the below Secedit command in a batch file,
> > %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
> > /areas
> > SECURITYPOLICY /quiet
> >
> > I am getting the information from W2K3 and Xp but for W2K it appears to
> > only
> > pick up the local policy setting. It is strange that when in Local
> > Security
> > Settings and select Action and then Export List (this includes both policy
> > settings). Can someone here if you have any advice on how to pickup these
> > settings for Windows 2000 servers? Thanks in Advance.
> >
> > Regards,
> > Murali.
> >
>
>
>
!