Local Security Policy not showing up in GPRESULT

I was double-checking some security settings on one of our systems. I could trace back everything to group membership and Group Policy, except for one thing. There was a ‘SeImpersonatePrivilege’ in a user token (verified via Process Explorer) yet its source was nowhere to be found.

Normally this is the sort of thing you’d find via GPRESULT, except that, too, came up blank. Impersonation was not configured. I decided to manually check the Local Security Policy and there it was.

That solved half my problem. I had a full understanding of where every security configuration came from. The other half was still not clear: why didn’t it show up in GPRESULT? GPRESULT -does- take Local Group Policy into account, yet it didn’t show those specific settings.

As it turns out, RSOP gathers policy data from a Common Information Model Object Management (CIMOM) database on the local computer. Local Group Policy is not stored in this database and cannot be queried by RSOP. Gpedit.msc and secpol.msc just edit system settings directly.
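
One way to read the user rights assignment straight from the system security database instead of RSOP, as an added example that is not from the original post. The function name `Get-UserRightAssignment` is hypothetical, `secedit.exe /export` is the stock Windows tool, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example: list the accounts that hold a user right according to the
# system security database, bypassing RSOP/GPRESULT entirely.
function Get-UserRightAssignment {
    param(
        [string]$Privilege = 'SeImpersonatePrivilege'
    )

    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the User Rights Assignment area to a temporary INF file.
        secedit.exe /export /areas USER_RIGHTS /cfg $cfg /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "secedit export failed with exit code $LASTEXITCODE"
        }

        # Lines look like: SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,...
        $pattern = '^\s*' + [regex]::Escape($Privilege) + '\s*='
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match $pattern } |
            Select-Object -First 1
        if (-not $line) { return }   # the right is not assigned to anyone

        $value = ($line -split '=', 2)[1]
        foreach ($entry in ($value -split ',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }

            $sid  = $null
            $name = $entry
            if ($entry.StartsWith('*')) {
                # A leading '*' marks a SID; try to resolve it to an account name.
                $sid = $entry.TrimStart('*')
                try {
                    $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
                    $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    $name = '(unresolved)'
                }
            }
            [pscustomobject]@{ Privilege = $Privilege; Account = $name; Sid = $sid }
        }
    } finally {
        # The export contains security configuration; do not leave it in TEMP.
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

Get-UserRightAssignment -Privilege 'SeImpersonatePrivilege' | Format-Table -AutoSize
```

Comparing this output with the GPRESULT report shows which assignments come from settings that RSOP does not report.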
