Home > Active Directory > View MSS group policy settings in a Domain controller GPMC

View MSS group policy settings in a Domain controller GPMC

View MSS group policy settings in a Domain controller GPO

By default MSS settings are not visible in Group policy(GPO).MSS settings is used to hardening the DC’S .The MSS settings normally to be exist in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.

MSS settings can be view using LocalGPO Tool (LGT) tool.The LocalGPO Tool (LGT) tool is available in the SCM package( Microsoft Security Compliance Manager)

Please follow below steps to available ‘MSS’ settings in your domain controller or any other GPO’s

Step 1: Download the Microsoft security Compliance Manager and install it on member of or any windows 7 workstations

Download Link: < http://technet.microsoft.com/en-gb/library/cc677002.aspx >

Step 2: Then navigate to SCCM installation directory ( c:\Program Files\Microsoft Security Compliance Manager\LGPO ) and copy LocalGPO.msi to domain controller

Step 3 : Then run the LocalGPO.msi

Step 4 : After the Local GPO is installed, find the path of file . Such as C:Program Files (x86)LocalGPO

Step 5 : Configure Security Configuration Editor to display MSS setting in your DC .

a. Run the command-line as an administrator

b. Enter the path of file GPO by command CD C:\Program Files (x86)\LocalGPO
then run the below command

Cscript LocalGPO.wsf /ConfigSCE

Please check the success or failure by reference the following screenshot.

Now MSS settings is visible under Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options.

Advertisements
  1. Todd
    April 11, 2014 at 10:15 pm

    Seneej,
    I followed the procedures above, but for some reason I’m getting an error. I run “Cscript LocalGPO.wsf /ConfigSCE” as an administrator and get an error: file not found.
    Do you have any suggestions?

    • seneej
      April 12, 2014 at 8:08 am

      Have you run the localGpo tool on DC? then navigate the localGPO installation directory from command prompt and then run command. ( refer the command image in the post )

  2. Todd
    April 16, 2014 at 12:23 am

    Yes, I have run the localgpo tool successfully on a secondary DC. I have run the command and everything works great. But, on one particular DC, I get an error. The error is: Localgpo.wsf(1580,12) Microsoft VBScript runtime error: File not found.
    Thanks for any advice.

  3. Nat
    September 23, 2014 at 5:33 pm

    FYI, This doesn’t work for Windows 2012 R2, but if you edit the localgpo.wsf and go to the chkosversion section, you can change it from 6.2 to 6.3 in both places. Worked like a charm.

  4. Carl Brandt
    October 13, 2015 at 11:49 am

    After running the LocalGPO.wsf /ConfigSCE I get the error “This tool only runs on Windows XP Professional. Windows server 2003, Windows Vista , Windows Server 2008, Windows 7, Windows Server 2008 R2, or Windows Server 2012” I am running Windows server 2012 R2 is there a different tool?

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: