Notifications

Clear all

[Solved] GPOs from an E01?

General (Technical, Procedural, Software, Hardware etc.)

Last Post by keydet89 5 years ago

3 Posts

3 Users

0 Reactions

3,489 Views

RSS

castle228

(@castle228)

New Member

Joined: 5 years ago

Posts: 1

Topic starter 07/10/2020 9:20 pm

I have an E01 from a Windows Server 2016 (1607) Build 14393. What is the easiest way for me to pull all GPOs from the image and produce a report?

TIA

Quote

JimC

(@jimc)

Estimable Member

Joined: 9 years ago

Posts: 86

19/10/2020 12:21 pm

If you can boot the image (using a tool such as "VFC" or similar), you can generate a GPO report using GPEDIT.MSC tool or the "Get-GPOReport" Powershell tool.

Jim

www.binarymarup.com

ReplyQuote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

20/10/2020 12:45 pm

RegRipper has three plugins that apply to GPOs - gpohist.pl, pendinggpos.pl, and ryuk_gpo.pl.

No need to boot anything...extract the Registry hives, run the plugins.

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
224 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed