# GPOs

The `GPOs` page provides a list of enumerated group policy objects in entire Acitve Directory. The list contains the `Total Linked Entity`, `Risk Score`,`Exposure Point` and `Issue Counts`.

<figure><img src="/files/spzyenHqYCfhyxX6CJ6e" alt=""><figcaption><p>GPOs</p></figcaption></figure>

## Group Policy Object Details

Details page contains the `Risk Score` of the group policy object, `Expsore Point`, `Information`, and `Issues` panes.

{% hint style="info" %}
You can analyze objects in the `Graph module` by clicking the `Visualize` button on the upper left side of the `Information Pane`.
{% endhint %}

<figure><img src="/files/4LPE3bStApMZnTvu71BT" alt=""><figcaption><p>GPOs Details</p></figcaption></figure>

## Information

`Information Pane` contains `Details`, `Linked Domains`, `Linked OUs`, `Linked Computers`, `Linked Users`, `GPO Settings`, and `Scripts` tabs respectively.

## Details

Details tab contains attributes below about group policy object.

| Attribute                     | Description                                                                                                       |
| ----------------------------- | ----------------------------------------------------------------------------------------------------------------- |
| **CN**                        | The name that represents an object. Used to perform searches. (**Ldap Display Name**: cn)                         |
| **Distinguished Nam**         | Active Directory distinguished name of the object. (**Ldap Display Name**: distinguishedName)                     |
| **Object Category**           | An object class name used to group objects of this or derived classes. (**Ldap Display Name**: objectCategory)    |
| **Name**                      | Name of the specified object. (**Ldap Display Name**: name)                                                       |
| **GPC File Path**             | SYSVOL Policy folder path of the group policy object. (**Ldap Display Name**: gPCFileSysPath)                     |
| **Created Time**              | The date when this object was created. (**Ldap Display Name**: whenCreated)                                       |
| **Last Changed Time**         | The date when this object was last changed. (**Ldap Display Name**: whenChanged)                                  |
| **Version**                   | A general purpose version number. (**Ldap Display Name**: versionNumber)                                          |
| **GPC Functionality Version** | The version of the Group Policy Editor that created this object. (**Ldap Display Name**: gPCFunctionalityVersion) |

## Linked Domains

Linked Domains tab contains a list of domain objects that are directly linked with the group policy object.

<figure><img src="/files/o4Nvu72mgxrE659kPTRb" alt=""><figcaption><p>Linked Domains</p></figcaption></figure>

## Linked OUs

Linked OUs tab contains a list of organizational unit objects that are directly linked with the group policy object.

<figure><img src="/files/ksSpx749WoQPjrfryCkQ" alt=""><figcaption><p>Linked OUs</p></figcaption></figure>

## Applied OUs

Applied OUs tab contains a list of organizational unit objects that are directly linked to the group policy object or inherit it from a parent OU.

<figure><img src="/files/gY3rkNlzQJnICDpb4v1A" alt=""><figcaption><p>Applied OUs</p></figcaption></figure>

### Applied Computers

The **Applied Computers** section lists the computers to which the selected GPO is effectively applied.\
It shows only the computers that receive and enforce the GPO based on scope, linking, and security filtering.

<figure><img src="/files/lur1SKOES7HKpxbxyy3A" alt=""><figcaption><p>Applied Computers</p></figcaption></figure>

## Applied Users

The **Applied Users** section lists the users to whom the selected GPO is effectively applied.\
It shows only the user accounts that receive and enforce the GPO based on scope, linking, and security filtering.

<figure><img src="/files/NrhpEIAohYXK4F876kJG" alt=""><figcaption></figcaption></figure>

## GPO Settings

GPO Settings tab contains a list of settings that are defined with the group policy object. The list also contains the columns below.

<figure><img src="/files/u3XKTt2wFlBzeia1RAu8" alt=""><figcaption><p>GPO Settings</p></figcaption></figure>

**Type**: Type of the applied settings.

**Policy Group or Registry Key**: Group policy configuration path of the applied settings.

**Setting**: Name of the applied settings.

**Value**: Value of the setting that is defined/configured by the group policy object.

## Scripts

Scripts tab contains a list of `Logon/Logoff` and `Startup/Shutdown` scripts that are implemented with the group policy object. The list also contains the columns below.

<figure><img src="/files/e1klSxr9SeVSG5y6LR2J" alt=""><figcaption><p>Scripts</p></figcaption></figure>

**Name**: The file name of the script.

**Can Anyone Modify**: Indicates whether the script can be modified by anyone.

**Type**: Indicates at what stage the script runs. (Startup, Shutdown, Logon, Logoff)

**GPO Type**: Indicates the group policy type the script belongs to. (Machine, User)

**Command**: Indicates the command that is required to run the script.

**Parameters**: Indicates the command line parameters that are required to run the script.

## Issues

Issues pane contains identified issues on the group policy object.

![Issues](/files/KvvWaTEzhBgWbZmhjLw5)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.forestall.io/fsprotect/ad-identities/gpos.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.