RFE: Inspector for "registry.pol" files

@jgstew
I’ll be submitting an RFE shortly for a “registry.pol” file content inspector. This would be useful for looking up configured Local Group Policy settings and values.

Current methods and limitations:

  1. ‘rsop user wmi’ requires us to supply a SID for a user, who has previously logged on and applied GPO settings. The values retrieved from this inspector may also be out-of-date if policy settings have changed since the user last logged on and applied settings.

  2. ‘rsop user wmi’ and ‘rsop computer wmi’ both rely on Resultant Set of Policy, which combines both Domain GPO and Local GPO settings. This makes it difficult to separate Domain GPO settings (which we cannot change or override via BigFix) from Local GPO settings (which we can modify at the client), or to exercise “what-if” in case a client is disconnected from the Domain or a Domain GPO setting is removed.

  3. For Computer settings, we could check the results of policy settings using local Registry paths, but for User settings or MLGPO settings we cannot inspect the User Registry paths (unless there happens to be a logged-on user at that time).

  4. Registry.pol files are part-UNICODE and part binary values, and appear as one long piece of data, making them difficult to parse with the ‘lines of file’ inspector.

As a registry.pol file contains settings closely aligning with registry keys and values, I think most of the properties would align with the registry inspectors. I’d request an inspector for "registry policy of <file>", with at least the following properties (and maybe a few I haven’t thought of):

* registry policy of <file> : <registry policy>
* keys of <registry policy> : <registry policy key>
* key "string" of <registry policy> : <registry policy key>
* values of <registry policy key> : <registry policy value> (with casts to <string>, <integer>, <binary>)
* values <string> of <registry policy file key> | <registry policy value>
* names of <registry policy value> : string
* directives of <registry policy key> : <registry policy directive>
* <registry policy directive> = registry policy directive delete
* <registry policy directive> = registry policy directive deleteallvalues

I’ve submitted the RFE at http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=110556

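A sketch of what such an inspector would have to parse, added here as an example; it is not part of the original post and not BigFix code. It assumes the layout in Microsoft's published Registry Policy File Format (a `PReg` signature, version 1, then `[key;value;type;size;data]` entries with UTF-16LE delimiters); mapping the `**del.` and `**delvals.` value-name prefixes to the post's "delete" and "deleteallvalues" directives is an assumption, and the sample key and values are constructed.

```python
import struct
REG_SZ, REG_DWORD = 1, 4  # registry type codes from winnt.h
DIRECTIVES = {"**del.": "delete", "**delvals.": "deleteallvalues"}  # value-name prefixes

def _u16(s):
    return s.encode("utf-16-le")

def _cstr(buf, pos):  # read a NUL-terminated UTF-16LE string -> (text, next offset)
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def _expect(buf, pos, ch):  # check one UTF-16LE delimiter and step over it
    if buf[pos:pos + 2] != _u16(ch):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def parse_pol(buf):  # -> list of dicts: key, name, type, value, directive
    if len(buf) < 8 or buf[:4] != b"PReg" or struct.unpack_from("<I", buf, 4)[0] != 1:
        raise ValueError("not a version 1 Registry.pol file")
    pos, out = 8, []
    while pos < len(buf):
        key, pos = _cstr(buf, _expect(buf, pos, "["))
        name, pos = _cstr(buf, _expect(buf, pos, ";"))
        pos = _expect(buf, pos, ";")
        if pos + 12 > len(buf):
            raise ValueError("truncated entry")
        rtype, s1, size, s2 = struct.unpack_from("<I2sI2s", buf, pos)  # type ; size ;
        data = buf[pos + 12:pos + 12 + size]  # length-driven: data may contain ';' or ']'
        if s1 != s2 or s1 != _u16(";") or len(data) != size:
            raise ValueError(f"malformed entry for value {name!r}")
        pos = _expect(buf, pos + 12 + size, "]")
        value = (data.decode("utf-16-le", "replace").rstrip("\0") if rtype == REG_SZ else
                 struct.unpack("<I", data)[0] if (rtype, size) == (REG_DWORD, 4) else data)
        directive = next((d for p, d in DIRECTIVES.items() if name.lower().startswith(p)), None)
        out.append({"key": key, "name": name, "type": rtype, "value": value, "directive": directive})
    return out

def _entry(key, name, rtype, data):  # build one constructed sample entry
    return (_u16(f"[{key}\0;{name}\0;") + struct.pack("<I", rtype) + _u16(";")
            + struct.pack("<I", len(data)) + _u16(";") + data + _u16("]"))
KEY = r"Software\Policies\Example"  # constructed key, not from a real policy
SAMPLE = (b"PReg" + struct.pack("<I", 1)
          + _entry(KEY, "Enabled", REG_DWORD, struct.pack("<I", 0x5D))  # 5D 00 looks like ']'
          + _entry(KEY, "Server", REG_SZ, _u16("host;1]\0"))
          + _entry(KEY, "**del.OldValue", REG_SZ, _u16(" \0")))
```

Because the data field is read by its declared size rather than by searching for the closing bracket, the DWORD whose bytes match a UTF-16 `]` and the string containing `;` and `]` both parse correctly, which is the case a line- or delimiter-based read gets wrong.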