修改组策略就是修改注册表_如何查看组策略对象修改了哪些注册表设置

修改组策略就是修改注册表

Today we are going to show you how to use one of our favorite tools, Proc Mon, to see which registry keys are edited when you change a Group Policy setting on your PC.

今天，我们将向您展示如何使用我们最喜欢的工具之一Proc Mon，来查看在PC上更改组策略设置时要编辑哪些注册表项。

使用Proc Mon查看组策略对象修改了哪些注册表设置 (Using Proc Mon to See Which Registry Settings a Group Policy Object Modifies)

The first thing you will want to do is go and get yourself a copy of Proc Mon from the Sys Internals website.

您要做的第一件事就是从Sys Internals网站上获取Proc Mon的副本。

Then you will need to extract the folder and run  the Procmon.exe file.

然后，您将需要解压缩文件夹并运行Procmon.exe文件。

When Proc Mon opens, you will need to add a condition as follows:

当Proc Mon打开时，您将需要添加以下条件：

Process Name is mmc.exe then Include

进程名称为mmc.exe，然后包含

Then click the add button.

然后单击添加按钮。

To get only the registry keys that are changed, we need add another one:

要仅获取已更改的注册表项，我们需要添加另一个：

Operation is RegSetValue then Include

操作是RegSetValue然后包含

Then again click the add button.

然后再次单击添加按钮。

Once the two rules have been added, you can go ahead and click ok.

添加两个规则后，您可以继续并单击“确定”。

Now go and open the Group Policy setting that you wish to edit.

现在，打开要编辑的组策略设置。

Before you actually change the setting, switch back over to Proc Mon and clear the log.

在实际更改设置之前，请切换回Proc Mon并清除日志。

Then go and change the GPO and click apply.

然后去更改GPO，然后单击“应用”。

If you switch over to Proc Mon you will see that you have a registry key(s) there. Right-click on it and select the Jump To… option from the context menu.

如果切换到Proc Mon，您将看到那里有一个注册表项。 右键单击它，然后从上下文菜单中选择“跳转到…”选项。

That will fire up Regedit and take you to the exact key which was modified

这将启动Regedit，并带您进入已修改的确切密钥

That’s all there is to it guys.

伙计们就这些了。

翻译自: https://www.howtogeek.com/115617/how-to-see-which-registry-settings-a-group-policy-object-modifies/

修改组策略就是修改注册表