Group Policy container

As with any other object, the Active Directory database also holds GPO information. This information is more related to system settings and the path reference for the other dataset. When GPO is created, as with any other AD object, it will also have the globally unique identifier (GUID) value; this is important as this value is used by both datasets to refer to each other. This value is used in Common-Name (CN) too. Before we look into datasets, we need to find the GUID value for the GPO. This can be done using the following command:

Get-GPO -name "Test Users"

The preceding PowerShell command will list the default properties of the Test Users GPO:

In the preceding figure, the Id attribute represents the GUID value of the Test Users GPO.

Now we have the GUID info, the next step is to review the Group Policy container (GPC) information for the given GPO. This information can be accessed using ADSI Edit MMC or Ldp.exe. On this occasion, I am going to use Ldp.exe to review the data.

In order to open Ldp.exe, type Ldp.exe in the domain controller's Run box. Then, go to the Connection menu and select Bind. Select the default options if the logged in account has relevant privileges (Schema or Enterprise Admin). In the next step, click on Tree under View and select the domain DN. As an example, in my demo, DN value is DC=rebeladmin,DC=com. GPC values are located under CN=Policies,CN=System,DC=rebeladmin,DC=com:

The policy object is further divided into two sections, which represent the Computer Configuration (machine) and the User Configuration (user):

The preceding screenshot shows details about the GPO we selected, including certain attribute values:

  • displayName: This attribute contains the name of the Group Policy, defined during the GPO setup process.
  • gPCFileSysPath: This attribute value represents the path to the other dataset of the GPO. This is called the Group Policy template path. It is always under the SYSVOL folder.
  • gPCMachineExtensionNames: This attribute lists all the client-side extensions (CSE) that need to process the GPO computer settings. This is all listed with GUIDs, and https://blogs.technet.microsoft.com/mempson/2010/12/01/group-policy-client-side-extension-list/ can be used as a reference to most of the known CSEs.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.16.69.143