Group Policy - Inactive Policy Settings

Routine User 1 Reputation point

How to filter the group policies that have policy settings defined within their disabled user or computer sections?

I am able to get the GPOs that have user or computer or both sections disabled but to know whether the GPO has settings defined or not, I tried the following

Consider GPO user/computer section as empty if:

  1. If User/Computer version is 0 - does not work if we revert the settings to "Not Configured"
  2. If gPCMachineExtensionNames or gPCUserExtensionNames is empty - does not work if we revert settings(certain settings under Security Settings like Account Policy, Network list manager policies..) to "Not Configured"
  3. Find "No Settings Defined" string in html report generated by Get-GPOReport cmdlet - could not identify which section is empty and also does not work for languages other than en-US operating systems.

Kindly advise.

A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,735 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,341 Reputation points

    Hello @Routine User

    After digging around and trying to come at this a few different ways, I've found a tool that will help me decipher this environment's GPOs and individual settings on a single screen instead of over 100. This will still take a very long time to break down and reorganize the company's OUs, but it is a big help and makes the task seem feasible.

    I am using the Microsoft Security Compliance Toolkit (1.0) from here:

    It shows individual GPOs that have no conflicting settings, and also highlights conflicting entries across multiple GPOs. It can export to Excel but the cell view is not as helpful.

    Hope this helps with your query,


    --If the reply is helpful, please Upvote and Accept as answer--