GPO Comparison

The GPO Comparison feature allows users to compare and analyze the settings applied by Group Policy Objects in Active Directory against both custom and official baselines prepared by Microsoft, CIS, STIG, and Forestall. These baselines are built on security best practices.

The input fields are:

GPO: List of the Group Policy Objects that belong to your Active Directory.

Baseline: List of predefined baseline documents.

Baselines are categorized according to the Windows operating system.

After selecting the relevant GPO and baseline, FSProtect automatically compares the applied settings and displays the results.

GPO Baseline Comparison

Comparison Result

The colored labels and numbers in the upper-right corner show the categories in the comparison results and the number of identified settings in each category.

Clicking on these badges allows you to filter the result table.

The badge colors are categorized as follows:

| Color | Definition |
| --- | --- |
| gpo_baseline_comparison_uncompatible_colour | Uncompatible |
| gpo_baseline_comparison_not_configured_colour | Not Configured |
| gpo_baseline_comparison_baseline_not_defined_colour | Baseline Not Defined |
| gpo_baseline_comparison_compatible_colour | Compatible |
| gpo_baseline_comparison_all_colour | All |

Uncompatible: The setting configured by the GPO is not secure according to the baseline.

Not Configured: The setting referenced by the baseline is not defined or not configured by the GPO.

Baseline Not Defined: The setting configured by the GPO is not included in the baseline.

Compatible: The setting configured by the GPO is secure according to the baseline.

All: All settings that are configured by the GPO or referenced by the baseline.
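The four statuses follow from which side defines a setting and whether the GPO value satisfies the baseline. The sketch below is an added illustration, not FSProtect code; the sample settings, their values, and the "min"/"eq" rule format are constructed assumptions.

```python
# Added illustration, not FSProtect code. The sample settings, their values and
# the rule format ("min" / "eq") are constructed assumptions.
from collections import Counter

# Baseline: (policy path, setting name) -> (rule, expected value)
BASELINE = {
    ("Password Policy", "Minimum password length"): ("min", 14),
    ("Password Policy", "Enforce password history"): ("min", 24),
    ("Security Options", "Network security: LAN Manager authentication level"): ("eq", 5),
}
# Settings configured by the selected GPO: (policy path, setting name) -> value
GPO = {
    ("Password Policy", "Minimum password length"): 8,
    ("Security Options", "Network security: LAN Manager authentication level"): 5,
    ("Security Options", "Interactive logon: Machine inactivity limit"): 900,
}

def meets(rule, expected, actual):
    """True when the GPO value satisfies the baseline rule."""
    return actual >= expected if rule == "min" else actual == expected

def compare(gpo, baseline):
    """Return one result row per setting seen in either the GPO or the baseline."""
    rows = []
    for key in sorted(set(gpo) | set(baseline)):
        if key not in baseline:
            status = "Baseline Not Defined"   # GPO sets it, baseline is silent
        elif key not in gpo:
            status = "Not Configured"         # baseline expects it, GPO is silent
        elif meets(*baseline[key], gpo[key]):
            status = "Compatible"
        else:
            status = "Uncompatible"
        rows.append({
            "Status": status,
            "Policy Group or Registry Key": key[0],
            "Setting": key[1],
            "GPO": gpo.get(key),
            "Baseline": baseline[key][1] if key in baseline else None,
        })
    return rows

def badge_counts(rows):
    """Per-status totals plus 'All', like the badges above the result table."""
    counts = Counter(row["Status"] for row in rows)
    counts["All"] = len(rows)
    return dict(counts)

if __name__ == "__main__":
    results = compare(GPO, BASELINE)
    for row in results:
        print(row)
    print(badge_counts(results))
```
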

The widgets at the upper-right of the table allow you to:

  • Search: Search the comparison results by the names of the settings.

  • Export: Export the comparison results and the respective information listed in this table as a CSV file.

The table contains the following information about the results of the Group Policy Object settings comparison:

GPO Baseline Comparison Result

Status: Comparison result for the GPO setting.

Type: Type of the setting.

Policy Group or Registry Key: Group policy configuration path of the setting.

Setting: Name of the setting.

GPO: Value of the setting configured by the GPO.

Baseline: Value of the setting defined by the baseline.

In addition, each row displays summary information about the definition of its setting.

GPO Baseline Setting Definition
