Policy Analyzer – minor update


Policy Analyzer is a utility in the Security Compliance Toolkit for analyzing and comparing sets of Group Policy Objects (GPOs). We have just posted a minor update that resolves a localization bug reading some non-English advanced auditing settings files (audit.csv), and another bug that would cause Policy Analyzer to crash when reading an invalid GPO backup XML file. Policy Analyzer should be completely bug free now. 🙂

The download package also adds PolicyRules files for the four Windows and Office baselines we have published since Policy Analyzer was last updated.


Comments (1)
  1. first of all, this is a great tool. i am not sure if this is a bug, but i could not find the constant SeMachineAccountPrivilege which represents “Add workstation to the domain”. all other “privilege rights” seem to be there. i am using version 3.2.1803.28001.

    [Aaron Margosis] I assume you’re referring to when you check the “Local policy” option to inspect local policy for comparison. Policy Analyzer gets the content that goes into the security template portion of policy, including user rights assignments, using Windows’ Secedit.exe and its /export option, which has some unfortunate bugs. One of them is that rights/privileges granted to no one don’t get exported to the security template. That privilege is only ever configured in Domain Controller policy.

Comments are closed.

Skip to main content