CCS Scan not bringing back the correct information on Advanced Audit Policy Configuration
search cancel

CCS Scan not bringing back the correct information on Advanced Audit Policy Configuration

book

Article ID: 387903

calendar_today

Updated On:

Products

Control Compliance Suite Standards Server Control Compliance Suite Control Compliance Suite Standards Module

Issue/Introduction

When running a standard that checks the settings of the configuration of your server, the results of the CCS scan do not match the Local Computer Policy or GPO that has been configured.

Environment

CCS 12.6.x

CCS 12.7

Resolution

The actual configuration on a server can be set by a GPO or the Local Computer policy, and it can be difficult to determine where the value to the configuration is being set.  Below are some useful command that might aid you to determine what GPO is setting that configuration for that value.

In PowerShell or in a command prompt window (running As Administrator), run the following command:

AuditPol /get /category:*

This will return a list of the configuration values and how they are set on that server.

In this example, we will be checking the configuration value for the IPsec Driver.  In the results of the AuditPol command above, scroll down until you see what value is being returned.

 

If the value being shown is the same value that CCS is reporting, then CCS is reporting correctly.

 

Since it can be difficult to determine which GPO is assigning that value on that server, you can run the following command to determine the 'Winning GPO' which is assigning the value.

In PowerShell or in a command prompt window (running As Administrator), run the following command:

gpresult /h %userprofile%\desktop\gpo_result.html


This command will create a file on the Desktop for the current user named gpo_result.html.  Open the file in the internet browser.
Note: When you run the gpo_result.html, sometimes it gets stuck loading.  Just X out and then refresh again and it loads correctly.

Navigate to the parameter and see what GPO is listed under 'Winning GPO' column.  This is the GPO (or Local Group Policy) that Windows is using to assign that value to that configuration setting.

Example: