none
see registry modifications of gpo that specifically modifies registry

    Question

  • Hi,

    If I add a gpo (on Windows Server 2012) that updates some registry items, how can I see the modifications on the windows client? rsop.msc doesn't seem to be doing the trick, as it only shows the altered templates.

    Any ideas?

    Thanks

    Monday, April 03, 2017 4:20 PM

All replies

  • Hi,
    Please check if the GPO is applied to clients successfully by running gpresult /r command. And have you directly checked from registry editor to see if the modification is done?
    Best Regards,
    Wendy Jiang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, April 04, 2017 3:06 AM
    Moderator
  • The gpo that modifies the registry is included in the Applied Group Policy Objects. However, as this gpo also modifies other things, such as printer deployment, I had already known that the gpo itself would be applied. That obviously doesn't ensure that the whole gpo is implemented. I did look in the registry and all seemed fine, but the reason why I'm asking this question is that in other contexts, I might have large gpos that alter tons of registry items. It's clearly unpractical to start checking them all on the client-side, and I'd have liked to be able to run a command on the client side that shows the modifications which have been carried out, something similar to the way the gpo is displayed on the server side: I select the gpo - Settings - Show all - there I can see it all.
    • Edited by lethargos Tuesday, April 04, 2017 6:45 AM
    Tuesday, April 04, 2017 6:43 AM
  • > If I add a gpo (on Windows Server 2012) that updates some registry items, how can I see the modifications on the windows client? rsop.msc doesn't seem to be doing the trick, as it only shows the altered templates.
     
    Enable gpsvc debug logging - the gpsvc.log will list each and every registry value that gets deleted or written within Administrative Templates during gpo processing.
     
    Tuesday, April 04, 2017 8:52 AM
  • Hi,

    Was your issue resolved? If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions. If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, April 10, 2017 2:12 PM
    Moderator
  • Actually my issue isn't solved.

    To enable gpsvc debugging, I edited the registry and added (in HKLM\Software\Microsoft\Windows NT\CurrentVersion) the key Diagnostics and the DWORD GPSvcDebugLevel with the value date (hexadecimal) 0x30002.

    Then I ran gpupdate /force

    Then I followed the instructions I found on technet and tried to access %windir%debugusermode, but there's no such folder in windows root.

    So I've no idea what to look for exactly.

    Friday, May 05, 2017 12:53 PM
  • Hi,
    Let us have a try the followings:
    1. Use powershell to capture the registry based on time stamp: https://blogs.technet.microsoft.com/heyscriptingguy/2014/01/02/leverage-registry-key-time-stamps-via-powershell/
    2. Use process monitor tool, Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, May 08, 2017 3:20 AM
    Moderator
  • Hi,
    Let us have a try the followings:
    1. Use powershell to capture the registry based on time stamp: https://blogs.technet.microsoft.com/heyscriptingguy/2014/01/02/leverage-registry-key-time-stamps-via-powershell/
    2. Use process monitor tool, Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, May 08, 2017 3:21 AM
    Moderator