Windows 200x/201x - How to monitor GPO application with some tools

GPO are applied to computer and user side.

To verify its application here they are some simple tools:


  1. Resultant Set of Policy (rsop.msc)  it is graphical tools that show which policies are applied and which are working (consider that there are some expections to some policies not displayed with this tool)
  2. GPResult.exeit is a command line tool that create .xml .html report.
  3. Group Policy Inventory (GPInventory.exe) Group Policy Inventory (GPInventory.exe) allows administrators to collect Group Policy and other information from any number of computers in their network by running multiple Resultant Set of User Policy (RSOP) or Windows Management Instrumentation (WMI) queries. The query results can be exported to either an XML or a text file, and can be analyzed in Excel.Typical usage scenariosRSOP Queries:
    • Do a software inventory for users and computers in a domain or OU
    • See which applications are installed on computers in the domain
    • Track the rollout of new GPOs on a domain
    • Find computers that have not downloaded and applied new GPOs
    WMI Queries:
    • Do a complete hardware inventory (processor, memory, hard disk space, etc) for all computers in the domain
    • Scan all computers to see if a particular hotfix is applied
    • See the amount of disk space that is available on computers
    • Test a WMI filter before implementing it in the domain
  4. Using powershell you can utilize this command: Get-GPResultantSetOfPolicy, more details:
    https://technet.microsoft.com/en-us/library/ee461048.aspx
    https://blogs.technet.microsoft.com/heyscriptingguy/2013/02/08/use-powershell-to-find-group-policy-rsop-data/
  5. Using Wmi and .vbscript :
    https://blogs.msdn.microsoft.com/dsadsi/2009/09/18/how-to-retrieve-currently-applied-gpos-on-your-local-machine-using-wmi-via-windows-scripting-host-wsh/

If you like you can go deeper using these latter articles:

Freeware - ProjectLibre open source alternative to Microsoft Project

There is a free and well working open source software that is Microsofr Project alternative.

This is ProjectLibre:

http://www.projectlibre.com/product/projectlibre-open-source

ProjectLibre is leading open source alternative to Microsoft Project.   

It has been downloaded over 2,700,000 times in over 200 countries and has won InfoWorld "Best of Open Source" award. 

ProjectLibre is compatible with Microsoft Project 2003, 2007 and 2010 files. 

You can simply open them on Linux, Mac OS or Windows. ProjectLibre key features:

Bossie Award

Windows 7 - How to install and remove software in safe mode

If you start your pc in safe mode due to fact that is not booting properly or you need to install/unistall any specific software you should be aware that by default is not possible.

To bypass problem you need modify a register part as follow:

Navigate to the Registry key: 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\

Right-click “Minimal”
Select “New—> Key”
Name the key MSIServer
Change the default data value to Service. 

The running of the uninstaller service in safe mode will now be enabled. 

If it is not already running, you can start the service from the command line. 


sc start msiserver

If you want the option of booting to safe mode with networking you need to modify register as follow as step 2

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\

Add a new sub-key called MSIServer to this key by right-clicking Network in the same way as described in steps 3-6 above.

Alternative procedure to register modify step 1 is:

command prompt --> 

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"

net start msiserver


Security - Password safe tools

There are some tools that I utilized during these years for saving password purposes.

Here is a brief description:

KeePass





Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, website, etc. Unimaginable.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page. 

http://keepass.info/

Password Safe


Password Safe allows you to manage your old passwords and to easily and quickly generate, store, organize, retrieve, and use complex new passwords, using password policies that you control. Once stored, your user names and passwords are just a few clicks away.
Using Password Safe you can organize your passwords using your own customizable references—for example, by user ID, category, web site, or location. You can choose to store all your passwords in a single encrypted master password list (an encrypted password database), or use multiple databases to further organize your passwords (work and home, for example). And with its intuitive interface you will be up and running in minutes.

Security 
  • Open Source - Most important, you don't have to take our word for it. You can download the source code and inspect it yourself, or have someone else check it for you. If you're really concerned, you can build the program from the sources you've downloaded and reviewed, instead of the binary files we build for each release.
  • For the files we provide, you can check that they're the ones that we've uploaded, and not tampered with, by checking the GPG cryptographic signature that's generate for each file.
  • Designed by Bruce Schneier - the original version was designed by renowned security expert Bruce Schneier, and we have his permission to say so.
  • No back door / recovery mechanism - there's no way for users (or developers, for that matter) to access the passwords without the master key.
  • Hard to brute-force - In the absence of back doors, an attacker can try a brute-force attack, e.g., using a dictionary. Password Safe has safeguards in place to make this as hard as possible.
  • The master passphrase is never stored the clear. We store something that derived from the master passphrase, but hard to calculate. When you enter your passphrase, we duplicate the calculation and compare the results. Only if the comparison succeeds do we continue to derive the encryption key from your master passphrase.
  • Sensitive memory is kept from swapping to disk.
  • All user data is encrypted in memory.
  • Memory with sensitive data is wiped as soon as possible.
  • File integrity checks: Even if the file's encrypted, it's not necessarily protected against unauthorized modification. Password Safe implements integrity checks on the file so that an attacker cannot modify it without knowing the master passphrase.
  • Reliability: Backups of previous databases are kept by default. The user can configure how many backups to keep and where to keep them.
  • For more details, feel free to contact the authors.

https://pwsafe.org/

Youtube presentation:

720check