compare policies of two similar machines.

[MDBJ]

I have unfettered access to two different machines- they are similar dells
at my workplace
only differences being 512 vs 1 gig ram, and 40gb vs 80 gb hard drive,
and some more software being loaded on the better spec machine.

Is there any way to line/line compare the security policies & services
settings on the two machines to find where they differ?

one has the necassary permissions to access a remote machine correctly under
RDC, the other one fails, and I can't find which setting is different on the
two machines.

I'd like to do a file compare on the two machines, and have differences
indicated, but I'll even print out the entire
damn registry on both if need be, and assign a clerk to use a highlighter
for the differing lines on each.

Can anyone save the clerks@work from my tyranny?
suggest a better method than me printing 40000 pages of registry?

There must be a tool to perform audits on local policy.....

 

[Brandon McCombs]

I have unfettered access to two different machines- they are similar dells
at my workplace
only differences being 512 vs 1 gig ram, and 40gb vs 80 gb hard drive,
and some more software being loaded on the better spec machine.

Is there any way to line/line compare the security policies & services
settings on the two machines to find where they differ?

one has the necassary permissions to access a remote machine correctly under
RDC, the other one fails, and I can't find which setting is different on the
two machines.

Some settings to look at off the top of my head before looking at differences
would be to make sure that in the User Rights Assignment section the values for
"Allow logon through terminal services" and "Access this computer from the
network" are including the security group of the user you are trying to use in
RDC. Also, on the Remote Desktop tab when you right click on My Computer and go
to Properties is a listing of groups who are allowed to login through RDC. By
default the administrators group should be there. If you are connecting as
amember of another gruop you will have to add that group.
As far as looking at registry differences there are tools availabl for doing a
registry diff however every time I ran one of them( dont remember the name) it
never showed any differences so YMMV. Also, for policysettings the actual
policy is in c:\windows\security\templates so you can open htem up in a regular
text editor. You can also export the list of serviecs as a tab delimited file
using the Services MMC. But I dont think it's a service issue unless Terminal
services isnt running because that is the only one for Remote Desktop that would
probably be an issue here.

HTH