FSProtect
  • Introduction
    • FSProtect - Active Directory Security Assessment
    • Glossary
    • Architecture
    • Requirements
    • Installation
    • Update
  • Scans
    • New Scan
    • Scans
    • Policies
  • Dashboard
  • Trend Insights
  • Issues
  • Impacts
  • Attack Surface
    • Forests
    • Domains
    • Computers
    • Users
    • Groups
    • GPOs
    • OUs
    • MSAs
    • GMSAs
    • Local Users
    • Local Groups
    • Certificate Authorities
    • Certificate Templates
    • CA Certificates
  • GPO Audit
    • GPO Comparison
    • RSoP Comparison
    • Custom Baselines
  • Integrations
    • CyberArk
    • Mail
    • Jira
  • Search & Reports
    • Domain
    • Computer
    • User
    • Group
    • GPO
    • OU
    • ManagedServiceAccount
    • GroupManagedServiceAccount
    • LocalUser
    • LocalGroup
    • CertificateAuthority
    • CertificateTemplate
    • CACertificate
    • SPN
    • SmbShare
  • Health Check
  • Visualize
  • Settings
    • User Settings
    • LDAP Authentication Settings
    • Roles and Permissions
    • Token Expiration Settings
  • Share Audit
    • Summary
    • Secrets
    • Settings
Powered by GitBook
On this page

Was this helpful?

  1. GPO Audit

GPO Comparison

PreviousGPO AuditNextRSoP Comparison

Last updated 8 months ago

Was this helpful?

The GPO Comparison feature allows users to compare and analyze the settings applied by Group Policy Objects in the Active Directory against both custom and official baselines prepared by Microsoft, CIS, STIG, and Forestall. These baselines are created by considering the security best practices.

Input fields are ;

GPO: List of Group Policy Object's belongs to your Active Directory.

Baseline: List of predefined baseline documents.

Baselines are categorized according to the Windows operating system.

After selecting the relevant GPO and baseline, FSProtect automatically compares the applied settings and displays the results.

Comparison Result

The colored labels and numbers in the upper-right describe the categories and the number of identified settings that belong to these categories in the comparison results.

Clicking on these badges allows you to filter the result table.

Colors of the badges are categorized as;

Color
Definition

Uncompatible

Not Configured

Baseline Not Defined

Compatible

All

Uncompatible: The setting configured by the GPO is not secure according to the baseline.

Not Configured: The setting referenced by the baseline is not defined or not configured by the GPO.

Baseline Not Defined: The setting configured by the GPO is not included in the baseline.

Compatible: The setting configured by the GPO is secure according to the baseline.

All: All settings that are configured by the GPO or referenced by the baseline.

The widgets in the upper-right side of the table allow us to;

  • Search: Search the comparison results by the names of the settings.

  • Export: Export the comparison results and the respective information listed in this table as a CSV file.

The table contains information about the results of the Group Policy Object settings comparison,

Status: Comparison result for the GPO setting.

Type: Type of the setting.

Policy Group or Registry Key: Group policy configuration path of the setting.

Setting: Name of the settings.

GPO: Value of the setting configured by the GPO.

Baseline: Value of the setting defined by the baseline.

In addition, each setting in the rows displays summary information about the definition of the setting.

GPO Baseline Comparison
GPO Baseline Comparison Result
GPO Baseline Setting Definition
gpo_baseline_comparison_uncompatible_colour
gpo_baseline_comparison_not_configured_colour
gpo_baseline_comparison_baseline_not_defined_colour
gpo_baseline_comparison_compatible_colour
gpo_baseline_comparison_all_colour