The basic elements of the Group Policy Editor are implemented in gpedit.dll, if
you launch it via gpedit.msc you get LGP (Local Group Policy) which is only the
most basic subset of the settings available as you noticed. I've seen it
described as the top level of the namespace which is actually an extensible
tree of components. If you launch it from ADUC or ADS&S, a number of different
server-side snap-in extension dlls expose those various additional components
that are available. Kind of a gross over-simplification but it's late :-)
If you wanted to open gpedit focused on a remote machine: gpedit.msc
/gpcomputer: machinename
If you wanted to edit a domain policy you supply the path to the GPC-
gpedit.msc
/gpobject:"LDAP://CN={31W3F340-816D-14D2-945F-00C14FB584FJ},CN=Policies,CN=System,DC=Kurts,DC=Place,DC=com"
-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, February 09, 2010 3:01 PM
To: NT System Admin Issues
Subject: Re: Reviewing my GPs, and found something I don't understand
That's fine, but when launched from ADUC, I get what seems to be
essentially the same interface as gpedit.msc, except that it's
pointing to the domain.
By "launched from ADUC", I mean I open ADUC on my workstation,
navigate to the OU in question, select Properties from the context
menu, select the Group Policy tab, right-mouse-click on the GP in
question and select Edit. At that point, I can navigate the tree in
the left hand pane, and see what I expected to see, which is the
"Computer Configuration\Administrative Templates\System" - that's
missing from the local version.
I even tried Start/Run/"gpedit.msc \\dc1" and that didn't work either.
As I said, this is pretty minor, but I'm curious about it.
Kurt
On Tue, Feb 9, 2010 at 14:27, Christopher <c.bo...@gmail.com> wrote:
> I'm not sure I understand.. running gpedit.msc by itself just gets you
> into the local policy, this is expected.
>
>
> On Tue, Feb 9, 2010 at 4:24 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
>> Minor issue, but it caused me to fumble for a few minutes....
>>
>> I was looking over my Group Policies, and couldn't find them.
>>
>> I tracked it down, but need some help understanding what I was looking at.
>>
>> Win2k3 R2 domain, FFL/DFL.
>>
>> I started gpedit.msc via Start/Run on my XP SP3 workstation, and
>> started hunting for my DisableAutoplay GP, which I show as being
>> linked to my Workstation OU. I just couldn't see it anywhere, despite
>> going back to the MSFT KB article - 967715.
>>
>> I finally logged into my DC, and gpedit.msc showed the GP exactly as
>> expected. I then went back to ADUC on my workstation, and invoked
>> Properties on the OU in question, and it gave me a version of
>> gpedit.msc that was connected to the domain, as expected.
>>
>> It's obvious that my local copy of gpedit.msc is pointing to my local
>> machine (if I start it from Start/Run), but if invoked from ADUC it
>> works as expected.
>>
>> Can anyone enlighten me on this difference?
>>
>> Kurt
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
>
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
