Find GPO setting from a .reg file

The ubiquitous operating system, discussion of its (many) flaws, and how to mitigate the risks of those flaws

Post by madmax0150 on Fri Jan 04, 2013 3:38 am

So I have a Win XP system that is locked down with group policy settings. Since Group Policy Editor basically just writes changes to the registry, information about what GPO restrictions are enabled should be found within an exported registry file. With a batch script I am able to export the registry to .reg files.

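Code:
REM Create the per-machine log folder first; REG EXPORT does not create missing directories
if not exist "%~dp0Logs\%COMPUTERNAME%" mkdir "%~dp0Logs\%COMPUTERNAME%"
REM Output paths are quoted so a script location containing spaces still works
REG EXPORT HKEY_CLASSES_ROOT "%~dp0Logs\%COMPUTERNAME%\HKEY_CLASSES_ROOT.reg"
REG EXPORT HKEY_CURRENT_USER "%~dp0Logs\%COMPUTERNAME%\HKEY_CURRENT_USER.reg"
REG EXPORT HKEY_LOCAL_MACHINE "%~dp0Logs\%COMPUTERNAME%\HKEY_LOCAL_MACHINE.reg"
REG EXPORT HKEY_USERS "%~dp0Logs\%COMPUTERNAME%\HKEY_USERS.reg"
REG EXPORT HKEY_CURRENT_CONFIG "%~dp0Logs\%COMPUTERNAME%\HKEY_CURRENT_CONFIG.reg"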


With these files I want to extract the currently enabled GPO settings from the registry keys.

I have only thought of two ways I could do this:

1. Find some sort of software that can import the .reg file and find the enabled GPO registry keys within it.

or

2. Write up a batch file that will compare the text of the HKEY_LOCAL_MACHINE.reg file to a list of known GPO registry keys, and display the keys present in the .reg file.
Microsoft provides an .xml file with info on which registry keys are linked to which GPO settings. The file can be found here:
http://www.microsoft.com/en-us/download/details.aspx?id=25250

Does anyone know of any other way to find the GPO settings from a .reg file, or know of software that could help me analyze the .reg file?

Any help is appreciated.
Disclaimer: Nothing posted by me is true. Any pictures posted by me are fictitious and found elsewhere online.
madmax0150
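
Added example (not part of the original post or thread): option 2 from the post above, written in Python rather than batch. It walks the text of a .reg export, keeps only values under the two registry subtrees where Group Policy stores settings, and annotates them from a lookup table. The sample export, the ExampleVendor key and the KNOWN table are constructed for illustration; in practice the table would be built from Microsoft's reference list.

```python
import re

# Subtrees where Group Policy stores its settings (well-known registry locations).
POLICY_ROOTS = ("\\software\\policies\\",
                "\\software\\microsoft\\windows\\currentversion\\policies\\")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unquote(s):
    """Strip the surrounding quotes and undo the .reg backslash escapes."""
    return re.sub(r"\\(.)", r"\1", s[1:-1])

def decode(data):
    """dword -> int, quoted string -> str, hex(...) types left as exported text."""
    if data.startswith("dword:"):
        return int(data[6:], 16)
    return unquote(data) if data.startswith('"') else data

def policy_settings(reg_text, known=None):
    """Return (key, value name, data, description) for values under a policy subtree."""
    known = known or {}
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)  # join hex continuation lines
    rows, key = [], None
    for line in map(str.strip, text.splitlines()):
        m = KEY_RE.match(line)
        if m:  # new key section: remember it only if it lies in a policy subtree
            path = m.group(1)
            key = path if any(r in path.lower() + "\\" for r in POLICY_ROOTS) else None
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else unquote(m.group(1))
            desc = known.get(name.lower(), "not in reference list")
            rows.append((key, name, decode(m.group(2)), desc))
    return rows

# Constructed sample export and lookup table (not from the original post).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ExampleVendor\App]
"LogPath"="C:\\Logs\\app"
"Blob"=hex:01,02,\
  03,04
[HKEY_CURRENT_USER\Software\Microsoft\Notepad]
"fWrap"=dword:00000001
"""
KNOWN = {"norun": "Remove Run menu from Start Menu"}
print(*policy_settings(SAMPLE, KNOWN), sep="\n")
```

Version 5.00 exports are UTF-16 text, so read a real file with open(path, encoding="utf-16") before passing its contents to policy_settings.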


Re: Find GPO setting from a .reg file

Post by weekend hacker on Fri Jan 04, 2013 6:51 am

I like your style.
You could always just use regedit.exe and search the real registry instead of those exported files, or maybe even gpedit itself (unless that's one of the policies set, I guess). I recall using some random tools on Linux to mess with the Windows registry without the hassle of actually booting Windows, but I really can't remember what it was called.
But considering that you're on a locked-down machine, would you even have the proper permissions to export the keys that are relevant to the group policy? I haven't played with Windows in quite a while, but that doesn't seem like something you want a basic user to be able to play with. (Then again, Microsoft isn't known for making good security decisions, so who knows...)
You could try to make a shortcut to C:\WINDOWS\system32\gpedit.msc and maybe regedit too. See if that works for direct access. If not... guess the script is your best option if you can't boot a live CD.

Good luck, happy hacking ;)
<Yoda> if someone says something i don't like, i ban him, ban whoever defends him, and then ban the witnesses...
weekend hacker