Group Policy Blog

Understanding the Registry Policy Archive File

One of the advantages of messing around with Group Policy since before it shipped, is that there is a lot of stuff rattling around in my head that I’ve been re-thinking in the context of today’s modern threat landscape.  This allows me to think about current day problems in the context of how it “used […]

Group Policy Security– Tinkering with External Paths

If you’ve been following this blog, you know that about 2 and half years ago, I started talking about Group Policy’s precarious role in the typical enterprise’s security posture. Many, if not most, AD shops use GP to perform security hardening on their Windows desktops and servers. This includes everything from tweaking OS settings to […]

Speaking in Chicago Next Month!

Hey folks! Just a quick note that I’m giving a talk next month in Chicago. This is a follow-on to the Semperis Hybrid Identity Protection (HIP) Conference that I spoke at last November. This Chicago “Tech Day” event is a one-day event on March 13th in downtown Chicago, featuring a number of great speakers! I’ll […]

Performing a Denial of Service on AD–How Hard Is it Really?

I was motivated to write this post based on a vendor blog that I read recently, that talked about ways to maliciously perform what amounted to a denial of service attack on AD. Ostensibly the post was designed to sell software, which I don’t begrudge, but it got me thinking–how easy is this to do, […]

Protecting Active Directory–Making AD and Group Policy Less “Visible” to Attackers

A couple of weeks ago, I gave a webinar for Semperis, on the topic of protecting AD from attackers. I presented 5 tips on the things you can do within your AD and Windows environments, to protect against “information exposure” that might allow an attacker to find paths of higher privilege within your AD environments. […]

GPO Migrator 1.6 is Here–Make Quick Work of GPO Migrations and Reorganizations!

We’re happy to announce the general availability of GPO Migrator 1.6. GPO Migrator is SDM Software’s product for allowing “drag and drop” migration and reorganization of settings across GPOs. Whether you’re doing a domain clean-up or a migration or consolidation into a new AD domain, GPO Migrator greatly reduces the time and effort required to […]

Making Sense of Group Policy SYSVOL Mismatch Errors

When I was working on the update for our Group Policy Health Reporter freeware tool recently, I noticed a very annoying “feature” that Microsoft seemed to introduce into Group Policy on Windows 7 and 2008-R2 systems. I’m pretty sure it started when they released the infamous MS16-072 patch that I blogged extensively about last year. Namely, any health […]

Just In Time for Microsoft Ignite–A Sneak Peek of GPO Migrator 1.0!

Well, Microsoft Ignite is happening next week, and SDM Software will be there in force, occupying Booth #671 on the show floor. And no conference would be complete without showing off new toys. In our case, the new toy is a shiny new product called GPO Migrator. We’ll be demonstrating the first public appearance of GPO […]

Group Policy Security Compliance with PowerShell

Last year we shipped the Group Policy Compliance Manager (GPCM) product–our enterprise compliance reporting solution for Group Policy. Today we are releasing a new PowerShell module to go along with GPCM. This module allows for some cool capabilities for searching, reporting on and analyzing the data that GPCM collects. GPCM gathers Group Policy processing health and settings data […]

A Peek Inside Registry.pol

Hello everyone! I posted a quick video on polviewer.exe. The tool called ‘Registry.pol Reader’ is a free tool Darren Mar-Elia built to solve a pretty important issue. And because he’s a great guy, there is that! The need for the tool is pretty obvious to those of us who have been managing and troubleshooting Group Policy […]