Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Discussions
Off Topic
Difference between gpedit.msc and secpol.msc
dmoore44
Just wondering if there are any differences between using gpedit.msc of secpol.msc when configuring local GPOs. The reason I ask is that there are several registry keys that determine if a given setting is set, or in effect (which can make it a headache when performing a system audit)...
As a quick example, the following registry keys all govern the Domain Profile active state:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile
When I audit various machines, I can see a varying combination of those keys set to 1 or 0... which makes it a giant pain in the arse when attempting to automate the audit process (because now I have to check 3 (or more!) registry keys...
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
coty24
I don't know this helps but I found this link:
server 2008 - local security policy vs. domain security policy
Claymoore
Here is a link to my response to your earlier post regarding Group Policy vs SecPol:
http://www.techexams.net/forums/off-topic/84475-microsoft-security-compliance-manager-vs-local-security-policy-secpol-msc.html
In that post I mention that you will have to run an audit against every workstation to verify compliance if you choose to go the Local Group Policy / SecPol path instead of domain based Group Policy and Group Policy preferences. As you now know, that isn't much fun.
If you are using SecPol and Group Policies the audit gets complicated. SecPol edits the registry directly while Group Policy configures the settings in a Policy subkey that overrides the regular registry setting. You will need to audit the HKLM\Softwary\Policies subkeys as well, and compare where those settings override the settings in HKLM. When you see the conflicts in the registry settings you are auditing above, the setting in HKLM\Software\Policies will be the ones that are applied.
Do you have access to System Center Configuration Manager? The
Desired Configuration Management
feature would automate the collection for you.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
