Hello,
I want to suggest a new feature for Policy Plus:
It would be perfect for Policy Plus to be able to manually specify the path to a Windows folder, such as when plugging in a different drive over USB to edit its group policies offline.
Policy Plus already has a forensic-friendly method for editing group policies without using built-in runtime components from Windows.
It directly edits the registry hives and regenerates the .POL files manually, so this feature request means the following:
Policy Plus would have to get a window menubar item named 'Edit Offline System'
Then a Folder picker window appears and I select e.g. a Windows folder on USB HDD
Policy Plus tries finding the system hives and mounts SOFTWARE, then it tries to mount the SYSTEM HIVE (e.g. as HKLM\OFFLINE_X_SOFTWARE, HKLM\OFFLINE_X_SYSTEM)
Once it mounts the SYSTEM hive it tries to parse where the User Profiles directory should be
Then it mounts User profile hives ('ntuser' with .dat extension?) as well
Afterwards it's 'just' a matter of prefixing all read values found in the offline system ADMX files (e.g. X:\Windows\PolicyDefinitions) with HKLM\OFFLINE_X_SOFTWARE instead of HKLM\ only
User hives can be mounted as HKLM\OFFLINE_X_USERNAME_SOFTWARE for example
This way we exploit the existing forensic editing capability of Policy Plus for editing offline systems' group policies.
This is nonetheless a sizeable task to do, in terms of parsing & exception handling too.
If you implement this feature this will however make Policy Plus a considerable boost / plus for using it to diagnose system problems related to wrong Group Policy edits (such as edits that accidentally strip Admin users of Admin capabilities at reboot).
And as a last note: I think that it should really be mentioned explicitly in Policy Plus that we have to manually Save to Registry & Apply Policy in order for policies to correctly be updated in gpedit.msc too.
Otherwise some GPO edits just don't work and don't show as modified either in gpedit.msc.
I didn't know that we had to manually do Apply Policy (.POL file) after saving to registry.
This will help users new to Policy Plus to avoid frustration when editing lots of GPOs and getting no effect, with no modified policy in gpedit.msc (I had thought that all the edits were either lost or done in vain).
Wishing success for Policy Plus, and to also become able to edit offline systems (much like how Sysinternals AutoRuns can edit offline installs).
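The key-prefixing step proposed in the issue above, sketched as an added example (it is not Policy Plus code and not part of the original post). It assumes policies arrive as the `class` and `key` attributes of an ADMX policy element, that mount names follow the issue's `OFFLINE_X_...` convention, and that the control set number and a `ProfileImagePath` value have already been read from the offline hives; the function names are hypothetical.

```python
import ntpath

def offline_target(policy_class, key, drive, user=None, control_set=1):
    """Map an ADMX (class, key) pair to a key under the mounted offline hives.

    drive: letter of the offline volume. user: profile name (class "User").
    control_set: Select\\Current as read from the offline SYSTEM hive.
    """
    parts = [p for p in key.split("\\") if p]
    if not parts:
        raise ValueError("empty registry key")
    tag = f"OFFLINE_{drive.upper()}"
    if policy_class == "User":
        if not user:
            raise ValueError("a User policy needs a profile name")
        # NTUSER.DAT holds the whole HKCU tree, so the key is kept in full.
        return "\\".join(["HKLM", f"{tag}_{user.upper()}_SOFTWARE"] + parts)
    if policy_class != "Machine":
        raise ValueError("class must be Machine or User")
    root, rest = parts[0].upper(), parts[1:]
    if root == "SOFTWARE":
        # The hive file *is* HKLM\SOFTWARE: drop the leading component.
        return "\\".join(["HKLM", f"{tag}_SOFTWARE"] + rest)
    if root == "SYSTEM":
        # CurrentControlSet is a link created at boot; an offline hive only
        # has ControlSetNNN, so substitute the numbered set.
        if rest and rest[0].lower() == "currentcontrolset":
            rest = [f"ControlSet{control_set:03d}"] + rest[1:]
        return "\\".join(["HKLM", f"{tag}_SYSTEM"] + rest)
    raise ValueError(f"no offline hive mounted for HKLM\\{parts[0]}")

def offline_user_hive(profile_image_path, drive):
    """Rebase a ProfileImagePath value onto the offline volume."""
    p = profile_image_path
    if p.lower().startswith("%systemdrive%"):
        tail = p[len("%systemdrive%"):]
    else:
        tail = ntpath.splitdrive(p)[1]  # strips "C:" and keeps "\Users\..."
    tail = tail.rstrip("\\")
    return f"{drive.upper()}:{tail}\\NTUSER.DAT"

if __name__ == "__main__":
    # Constructed sample inputs: one ADMX key and one ProfileList value.
    print(offline_target("Machine", r"Software\Policies\Microsoft\Windows\System", "X"))
    print(offline_user_hive(r"%SystemDrive%\Users\alice", "X"))
```

Machine keys lose their leading `Software` component because the mounted hive already is that subtree, while user keys keep it; a plain string prefix would get one of the two wrong.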