GPO Settings Checker is designed to check one or more GPO Settings in an AD Domain. The overall objective of GPO Settings Checker is to ensure a particular or a set of GPO settings are configured in the AD Domains and are applying to the objects. The resulting pane shows the OU to which the GPOs are linked to. Checking GPO Settings in SmartProfiler involves three steps. The article explains how to use GPO Settings Checker in SmartProfiler for Active Directory.
Checking Group Policy Object settings in Active Directory is an important administrators task for maintaining a secure and well configured Active Directory environment. Administrators can review GPO settings through the Group Policy Management Console. However, GPO Settings checker that ship with SmartProfiler can be used to check specific GPO settings in all or a single AD Domain.
When conducting a review of Group Policy settings in Active Directory, we usually check policy settings such as Password Policies, User Rights Assignment, Security Options, Audit Policies, Windows Firewall Settings, Software Restriction Policies/AppLocker, Windows Update Settings, Drive Mapping and Folder Redirection, Internet Explorer Settings, Remote Desktop Services (RDS) and other settings.
To open the GPO Settings Checker, please click on “GPO SETTINGS CHECKER” button in the left pane:
In the “Type Settings” tab, provide the GPO Setting names that you would like to check separated by “^”. All settings that you specify in the “Type Settings” window need to be matching with as it shows in the GPMC console for a Group Policy Object.
If you are unsure of the settings, then please switch to the “Select Settings” tab and then double click on the setting to be added to “Type Settings” Tab. For example, as you can see in the screenshot below, we selected “Let Windows Apps Access the Calendar” and “Let Windows Apps Access the Camera” setting and added by double clicking on the setting.
If you switch to “Type Settings” tab you can see those GPO Settings that you just selected:
Once you have added the settings to be checked, select the AD Domain in “Select AD Domain” dropdown and then click on “Check Settings” button. The process will check the settings in the select AD Domain and the result will be shown in the right pane. The “Final Status” will show if the GPO Setting is configured in a domain or not.
Please note GPO Settings Checker can also be used for all AD Domains in an AD Forest. If you have multiple AD Domains and would like to check the GPO Settings for multiple AD domains then you will need to select “AD Forest_<AD Foerst Name> in the Select AD Domain dropdown as shown below:
Once the GPO Settings Checker has finished checking all GPO settings that result will be shown in the right pane grid. The result contains the list of settings, GPO Name, AD domain, linked organizational units and the final status indicating whether the group policy setting has been defined or not.
You can also check all GPO settings recommended by Center for Internet Security for Windows Domain Controllers and Member Servers. Checking GPO Settings in SmartProfiler is also recommended to ensure your environment is configured according to settings recommended by CIS and NIST. Checking GPO Settings in SmartProfiler now becomes easier using the GPO Settings Checker by SmartProfiler.
Try SmartProfiler, a unified tool to help with security evaluation across many Microsoft technologies including checking GPO Settings.