ToolTip: Policy Analyzer

Aaron Margosis recently released Policy Analyzer, a utility for analyzing and comparing sets of Group Policy Objects (GPOs). Here’s a brief description on how to use the tool to compare two Domain GPOs.

I created two GPOs in my test domain, both starting with the name “Foo” and then configured some settings. The Policy Analyzer can import GPO settings based on a GPO backup so as a next step we create a GPO backup. The quickest way is to do this via PowerShell.

Get-GPO -All | Where-Object {$_.DisplayName -like “Foo Corp*”} | Backup-GPO -Path C:\data

image

Now that we have a backup we copy them into the Policy Analyzer working folder, in my case that’s:

C:\Users\Admin\Documents\PolicyAnalyzer\GPOs

image

Next Open the Policy Analyzer Tool and select Add.

image

A new window opens, select File, add files from GPOs

image

Select the first folder

image

 

image

Select Import, and provide a name.

 

image

Repeat these steps for every GPO you want to compare.

 

image

Next select View / Compare.

image

Select Export / Export all data to Excel

image

and there you, all information nicely prepared and ready for review.

image

The Policy Analyzer tool and documentation is available for download here

 

By the way, Microsoft also finally  released the Security Baseline for Windows 10  “Security baseline for Windows 10 (v1511, “Threshold 2”) — FINAL”   The Windows 10 TH2 Security Baseline.zip also contains a backup of the Windows 10 baselnie GPOs, so you can import these into Policy Analzyer as well and start comparing your current GPOs with those of the Security Baseline.

Enjoy!

2 Replies to “ToolTip: Policy Analyzer”

  1. Great looking tool. If I were to backup GPO’s from different domains that were supposed to be the same could I then import them as if they came from the same domain and compare?

  2. I know this is probably a dumb questions, but I don’t understand how to actually import the GPO settings into the analyzer. When I click ‘add’ and then import and choose my folders, I’m then taken to the next prompt that forces me to save that file somwhere, but my main Policy Analyzer window is still blank. How do you actually get those files into the analyzer so that you can click the ‘compare’ button?

Leave a Reply