How to export W2K Effective Policy Setting?

Archived from groups: microsoft.public.win2000.security (More info?)

Hi All,
I am trying to export Resultant Set Of Policies, or RSOP, meaning
"effective policy" using the below Secedit command in a batch file,
%SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf /areas
SECURITYPOLICY /quiet

I am getting the information from W2K3 and Xp but for W2K it appears to only
pick up the local policy setting. It is strange that when in Local Security
Settings and select Action and then Export List (this includes both policy
settings). Can someone here if you have any advice on how to pickup these
settings for Windows 2000 servers? Thanks in Advance.

Regards,
Murali.
7 answers Last reply
More about export effective policy setting
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    I am not sure if this will help but for Windows 2000 try specifying the
    secedit.sdb [full path] in your secedit command. --- Steve


    "Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
    news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
    > Hi All,
    > I am trying to export Resultant Set Of Policies, or RSOP, meaning
    > "effective policy" using the below Secedit command in a batch file,
    > %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
    > /areas
    > SECURITYPOLICY /quiet
    >
    > I am getting the information from W2K3 and Xp but for W2K it appears to
    > only
    > pick up the local policy setting. It is strange that when in Local
    > Security
    > Settings and select Action and then Export List (this includes both policy
    > settings). Can someone here if you have any advice on how to pickup these
    > settings for Windows 2000 servers? Thanks in Advance.
    >
    > Regards,
    > Murali.
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Support for RSoP was introduced with XP and Windows 2003.
    I was not aware the underlying support had been backported to
    Windows 2000.

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
    news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
    > Hi All,
    > I am trying to export Resultant Set Of Policies, or RSOP, meaning
    > "effective policy" using the below Secedit command in a batch file,
    > %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
    /areas
    > SECURITYPOLICY /quiet
    >
    > I am getting the information from W2K3 and Xp but for W2K it appears to
    only
    > pick up the local policy setting. It is strange that when in Local
    Security
    > Settings and select Action and then Export List (this includes both policy
    > settings). Can someone here if you have any advice on how to pickup these
    > settings for Windows 2000 servers? Thanks in Advance.
    >
    > Regards,
    > Murali.
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks for that direction. I tried the below code and it is not working in
    Windows 2000 but working for XP and 2003. Seem that RsOP is not supported for
    Windows 2000. I still do not know what is the solution for Windows 2000.

    strDomain = "."
    Set objWMIService = GetObject _
    ("winmgmts:\\" & strDomain & "\root\rsop\computer")

    Set colItems = objWMIService.ExecQuery("Select * from
    RSOP_SecuritySettingBoolean")


    For Each objItem in colItems
    Wscript.Echo "Category: " & objItem.KeyName
    Wscript.Echo "Precedence: " & objItem.Setting
    'Wscript.Echo "Failure: " & objItem.Failure
    'Wscript.Echo "Success: " & objItem.Success
    Wscript.Echo
    Next


    Set colItems = objWMIService.ExecQuery("Select * from
    RSOP_SecuritySettingNumeric")


    For Each objItem in colItems
    Wscript.Echo "Category: " & objItem.KeyName
    Wscript.Echo "Precedence: " & objItem.Setting
    'Wscript.Echo "Failure: " & objItem.Failure
    'Wscript.Echo "Success: " & objItem.Success
    Wscript.Echo
    Next

    "Roger Abell" wrote:

    > Support for RSoP was introduced with XP and Windows 2003.
    > I was not aware the underlying support had been backported to
    > Windows 2000.
    >
    > --
    > Roger Abell
    > Microsoft MVP (Windows Security)
    > MCSE (W2k3,W2k,Nt4) MCDBA
    > "Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
    > news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
    > > Hi All,
    > > I am trying to export Resultant Set Of Policies, or RSOP, meaning
    > > "effective policy" using the below Secedit command in a batch file,
    > > %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
    > /areas
    > > SECURITYPOLICY /quiet
    > >
    > > I am getting the information from W2K3 and Xp but for W2K it appears to
    > only
    > > pick up the local policy setting. It is strange that when in Local
    > Security
    > > Settings and select Action and then Export List (this includes both policy
    > > settings). Can someone here if you have any advice on how to pickup these
    > > settings for Windows 2000 servers? Thanks in Advance.
    > >
    > > Regards,
    > > Murali.
    > >
    >
    >
    >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi thanks for your help. I tried the full path still the command does not
    appear to pickup the effective settings. I have issued additional command
    "Secedit /refreshpolicy machine_policy /enforce" But the the problem is, once
    the refresh is done, the local policy setting is overlayed into the effective
    setting!

    "Steven L Umbach" wrote:

    > I am not sure if this will help but for Windows 2000 try specifying the
    > secedit.sdb [full path] in your secedit command. --- Steve
    >
    >
    > "Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
    > news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
    > > Hi All,
    > > I am trying to export Resultant Set Of Policies, or RSOP, meaning
    > > "effective policy" using the below Secedit command in a batch file,
    > > %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
    > > /areas
    > > SECURITYPOLICY /quiet
    > >
    > > I am getting the information from W2K3 and Xp but for W2K it appears to
    > > only
    > > pick up the local policy setting. It is strange that when in Local
    > > Security
    > > Settings and select Action and then Export List (this includes both policy
    > > settings). Can someone here if you have any advice on how to pickup these
    > > settings for Windows 2000 servers? Thanks in Advance.
    > >
    > > Regards,
    > > Murali.
    > >
    >
    >
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    Hmm. Merged policy switch is shown as an option with Windows 2000 though I
    have never tried it myself. The export effective settings in Local Security
    Policy usually works but I don't think that will help with what you are
    trying to do. --- Steve


    "Murali.A" <MuraliA@discussions.microsoft.com> wrote in message
    news:C7FB3450-993F-4651-95AC-5E54A7C01EE7@microsoft.com...
    > Hi thanks for your help. I tried the full path still the command does not
    > appear to pickup the effective settings. I have issued additional command
    > "Secedit /refreshpolicy machine_policy /enforce" But the the problem is,
    > once
    > the refresh is done, the local policy setting is overlayed into the
    > effective
    > setting!
    >
    > "Steven L Umbach" wrote:
    >
    >> I am not sure if this will help but for Windows 2000 try specifying the
    >> secedit.sdb [full path] in your secedit command. --- Steve
    >>
    >>
    >> "Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
    >> news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
    >> > Hi All,
    >> > I am trying to export Resultant Set Of Policies, or RSOP, meaning
    >> > "effective policy" using the below Secedit command in a batch file,
    >> > %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
    >> > /areas
    >> > SECURITYPOLICY /quiet
    >> >
    >> > I am getting the information from W2K3 and Xp but for W2K it appears to
    >> > only
    >> > pick up the local policy setting. It is strange that when in Local
    >> > Security
    >> > Settings and select Action and then Export List (this includes both
    >> > policy
    >> > settings). Can someone here if you have any advice on how to pickup
    >> > these
    >> > settings for Windows 2000 servers? Thanks in Advance.
    >> >
    >> > Regards,
    >> > Murali.
    >> >
    >>
    >>
    >>
  6. Archived from groups: microsoft.public.win2000.security (More info?)

    Win2k doesn't support RSoP.

    Remove the /mergedpolicy switch from your command line. With it you will
    get the local policy table. Without it you will get the combined group
    policy + local policy table. Don't use the /db parameter when you run this
    either so it defaults to using secedit.sdb.

    N

    --
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Any opinions or policies stated within are my own and do not necessarily
    constitute those of my employer. Use of included script samples are subject
    to the terms specified at http://www.microsoft.com/info/cpyright.htm


    "Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
    news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
    > Hi All,
    > I am trying to export Resultant Set Of Policies, or RSOP, meaning
    > "effective policy" using the below Secedit command in a batch file,
    > %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
    > /areas
    > SECURITYPOLICY /quiet
    >
    > I am getting the information from W2K3 and Xp but for W2K it appears to
    > only
    > pick up the local policy setting. It is strange that when in Local
    > Security
    > Settings and select Action and then Export List (this includes both policy
    > settings). Can someone here if you have any advice on how to pickup these
    > settings for Windows 2000 servers? Thanks in Advance.
    >
    > Regards,
    > Murali.
    >
  7. Archived from groups: microsoft.public.win2000.security (More info?)

    Hello Nick,
    Thanks for your valuable suggestion. You are correct RSoP is not supported
    in W2k. I tried the below even before I applied the switch mergedpolicy and
    /db parameter not used,
    %SystemRoot%\system32\secedit.exe /export /cfg dump.inf
    I am only getting the local policy table and I am unable to the the combined
    group policy + local policy table.
    Example:
    In window 2000 server, I set the password history setting for local to 5,
    the effective setting was left at 6. Once the above command runs, the
    results of the example is 5.
    After that I tried another command,
    %SystemRoot%\system32\secedit.exe /refreshpolicy machine_policy /enforce
    %SystemRoot%\system32\secedit.exe /export /cfg dump.inf
    I set the password history setting for local to 5, the effective setting was
    left at 6. Once the script runs, the effective setting is changed to 5. The
    results of the check for this example is 5. So still it does not appear to
    pickup the effective settings. Any thought on this! I am not sure how this is
    working in your server.

    Thanks & Regards,
    Murali.

    "Nick Finco [MSFT]" wrote:

    > Win2k doesn't support RSoP.
    >
    > Remove the /mergedpolicy switch from your command line. With it you will
    > get the local policy table. Without it you will get the combined group
    > policy + local policy table. Don't use the /db parameter when you run this
    > either so it defaults to using secedit.sdb.
    >
    > N
    >
    > --
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    > Any opinions or policies stated within are my own and do not necessarily
    > constitute those of my employer. Use of included script samples are subject
    > to the terms specified at http://www.microsoft.com/info/cpyright.htm
    >
    >
    > "Murali.A" <Murali.A@discussions.microsoft.com> wrote in message
    > news:62B46781-B244-4441-AA6E-6123A449E096@microsoft.com...
    > > Hi All,
    > > I am trying to export Resultant Set Of Policies, or RSOP, meaning
    > > "effective policy" using the below Secedit command in a batch file,
    > > %SystemRoot%\system32\secedit.exe /export /mergedpolicy /cfg dump.inf
    > > /areas
    > > SECURITYPOLICY /quiet
    > >
    > > I am getting the information from W2K3 and Xp but for W2K it appears to
    > > only
    > > pick up the local policy setting. It is strange that when in Local
    > > Security
    > > Settings and select Action and then Export List (this includes both policy
    > > settings). Can someone here if you have any advice on how to pickup these
    > > settings for Windows 2000 servers? Thanks in Advance.
    > >
    > > Regards,
    > > Murali.
    > >
    >
    >
    >
Ask a new question

Read More

Policy Security Windows