Re: Viewing Local Security Policy on Windows 2003 Member Server?

That's correct. You will only see the effective security policy using gpedit.msc. I don't know of any tools that will show you the default security policy in the absence of a domain, while you're in the domain. My rough understanding of the way that works is that for member servers and workstations in the domain, their local LSA policy is temporarily surpressed by any domain policy they receive. There may be APIs that would query that "raw" policy directly but I haven't seen them. I think the best you can do is view one of the default security templates that are applied to windows when its installed, like setupsecurity.inf or defltwk.inf


Darren

--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

Script Group Policy Settings with the GPExpert Scripting Toolkit for PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php

Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related

"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message news:SYqdnRYNobOFHIjanZ2dnUVZ_vCknZ2d@xxxxxxxxxxxxxxx
"Alan" <alan@xxxxxxxxx> wrote in message news:uXJGfVGEIHA.1316@xxxxxxxxxxxxxxxxxxxxxxx
Can't you just add the Group Policy Object Editor through MMC and scope it to the local machine?

Maybe I am missing something?

Maybe I am doing this wrong, but I start MMC, Add-In Group Policy Object Editor, specify Local Machine, and Add. When I go to view the policies, they are NOT the local policies, but are the domain policies.

--
Will

"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message news:UsqdnTDIGY-K7YjanZ2dnUVZ_s-pnZ2d@xxxxxxxxxxxxxxx
Is there an application that will show the current values stored in *local* security policy on a Windows 2003 member server. I know I can use rsop.msc to view *group* policy, but I don't want group policy of the domain as applied to the member server. I want to see what are the native security settings that would be in effect on the member server if it were not in the domain at all.

Windows 2000 secpol.msc used to show you both the local and effective settings. It looks like Microsoft removed that from Windows 2003. Is there any way to recover this local view short of removing the computer fromthe domain and rebooting?!



.

Relevant Pages

  • Re: Password Policy - .net Server
    ... Microsoft MVP (Windows Server System: ... > This has been done in the domain security policy, ...
    (microsoft.public.windows.group_policy)
  • Viewing Local Security Policy on Windows 2003 Member Server?
    ... security policy on a Windows 2003 member server. ... Windows 2000 secpol.msc used to show you both the local and effective ...
    (microsoft.public.windows.group_policy)
  • Re: CD-RW wont Autorun
    ... that probably is enabled in a Group Policy at the domain/OU level. ... There is setting in Local Security Policy under security settings/local policies/security options - devices:allowed to format and eject removable media where you might want to configure it to be administrators and interactive users. ...
    (microsoft.public.windows.group_policy)
  • Re: Viewing Local Security Policy on Windows 2003 Member Server?
    ... security policy in the absence of a domain, ... I realize the Windows 2000 way of presenting the information was confusing ... Maybe I am doing this wrong, but I start MMC, Add-In Group Policy Object ...
    (microsoft.public.windows.group_policy)
  • Re: Logon Banner
    ... Thanks for the response. ... Security Policy. ... > right-click the Domain, select Properties, Group Policy Tab, Default Domain ...
    (microsoft.public.win2000.group_policy)
Loading