Microsoft's Group Policy Analysis Tool Released
A light software tool for IT to compare Group Policy Objects (GPOs) is now out.
Policy Analyzer (no version), announced late last week in a Microsoft blog post, lets IT pros "treat a set of GPOs as a single unit," thereby showing up the GPOs that have duplicate settings or "conflicting values," Microsoft's announcement explained. In addition, the baseline state of the GPOs can be captured as a snapshot and used for change tracking.
Policy Analyzer produces a report in table form. Conflicting GPO settings are shown in yellow, while missing settings are shown in gray. The results, based on the Group Policy path and setting names, also can be exported to Excel.
The tool can help with Windows migrations. For instance, Policy Analyzer can be used to compare an organization's GPO settings for Windows 7 with Microsoft's recommended baselines for Windows 10 and Internet Explorer 11, according to the announcement.
Users create a policy rule set in the form of an XML file. The policy rule set can include data from various GPO files. Microsoft recommends using GPO backup files to create the data, including "registry policy files, security templates, and audit policy backup files."
The tool has some limits. Microsoft's guide explains that "Policy Analyzer can show when a set of GPOs contains contradictory settings, but it will not predict which setting will 'win.'"
So far, the tool seems kind of rudimentary. There's no installer file. The zip file just contains three .EXE program files to copy into the same directory. It requires .NET Framework 4.6 to run.
The program files and documentation are all zipped up and included in Microsoft's blog post.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.