
How To Read the contents of Registry.pol files

Registry.pol files are used to store Group Policy settings. These files typically exist in the Group Policy Template (GPT), which is hosted in the SYSVOL share on the domain controllers, but they can also exist on local systems.

GPO settings in the Registry.pol files are saved in a binary format, and the normal AD GPO management tools don't provide a method to show the contents of these files.  NetTools v.1.31.3 and above includes an option to display the contents of these files.

This option exists under the GPO Explorer option. Once the Refresh button has been clicked, the GPO details are displayed. The Registry.pol Reader option is the last option in the left-hand pane.

Registry.pol Reader

To open a Registry.pol file, right-click on the Registry.pol Reader entry and select the Open Policy File option from the context menu.

GPO Explorer Context Menu

Select the file using the file browser. Once the file is selected, its contents are displayed in the right-hand pane.  This view uses the same navigation as the Settings tab for a policy.

Registry.pol Reader - Settings

Note: NetTools is a 32-bit application, so when it accesses the system32 folder on the local system drive, WOW64 is used when browsing system directories. As a result, some files that you are expecting to find might not be shown in the file browser dialog.  If this happens, use File Explorer to copy the file from the system directory to a non-system directory, for example c:\temp, and try again.
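
To cross-check what a policy file sets without the GUI, the binary layout can be decoded with a short script. This is an added example, not NetTools code or part of the original post; it assumes the documented Registry.pol layout (a `PReg` signature and version 1 header followed by `[key;value;type;size;data]` records in UTF-16LE), and the key and value names in `SAMPLE` are constructed.

```python
import struct

REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD", 7: "REG_MULTI_SZ"}
OPEN, SEMI, CLOSE, NUL = (c.encode("utf-16-le") for c in "[;]\0")  # delimiters are UTF-16LE

def _read_str(blob, pos):  # NUL-terminated UTF-16LE string plus the ';' after it
    end = pos
    while blob[end:end + 2] != NUL:
        if end >= len(blob):
            raise ValueError("unterminated string at offset %d" % pos)
        end += 2
    if blob[end + 2:end + 4] != SEMI:
        raise ValueError("missing ';' at offset %d" % (end + 2))
    return blob[pos:end].decode("utf-16-le"), end + 4

def _decode(rtype, data):
    if rtype == 4 and len(data) == 4:          # REG_DWORD, little-endian
        return struct.unpack("<I", data)[0]
    if rtype in (1, 2):                        # strings carry a trailing NUL
        return data.decode("utf-16-le").rstrip("\0")
    return data.hex()                          # everything else is shown as hex

def parse_pol(blob):
    """Return (key, value, type_name, data) tuples from Registry.pol bytes."""
    if len(blob) < 8 or blob[:4] != b"PReg" or struct.unpack_from("<I", blob, 4)[0] != 1:
        raise ValueError("not a version 1 Registry.pol file")
    pos, entries = 8, []
    while pos < len(blob):
        if blob[pos:pos + 2] != OPEN:
            raise ValueError("expected '[' at offset %d" % pos)
        key, pos = _read_str(blob, pos + 2)
        value, pos = _read_str(blob, pos)
        if blob[pos + 4:pos + 6] != SEMI or blob[pos + 10:pos + 12] != SEMI:
            raise ValueError("malformed type/size fields for %s" % key)
        rtype, size = struct.unpack_from("<I2xI", blob, pos)
        data, pos = blob[pos + 12:pos + 12 + size], pos + 12 + size
        if len(data) != size or blob[pos:pos + 2] != CLOSE:
            raise ValueError("truncated entry for %s\\%s" % (key, value))
        entries.append((key, value, REG_TYPES.get(rtype, str(rtype)), _decode(rtype, data)))
        pos += 2
    return entries

def _entry(key, value, rtype, data):  # helper that builds the constructed sample
    s = lambda t: (t + "\0").encode("utf-16-le")
    head = struct.pack("<I2sI2s", rtype, SEMI, len(data), SEMI)
    return OPEN + s(key) + SEMI + s(value) + SEMI + head + data + CLOSE

# Constructed sample: header plus two entries (not taken from a real GPO).
SAMPLE = (b"PReg" + struct.pack("<I", 1) + _entry("Software\\Policies\\Example", "Enabled", 4, struct.pack("<I", 1))
          + _entry("Software\\Policies\\Example", "Server", 1, "host.example\0".encode("utf-16-le")))
```

To run it against a real file, read the file in binary mode and pass the bytes to `parse_pol`.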

Permissions Caching

NetTools uses local caching to improve performance when viewing permissions in ACL Browser and GPO Explorer.  The cache holds Control Access Rights GUIDs and resolved SIDs, which makes viewing the permissions of subsequent objects significantly faster.  ACL Browser and GPO Explorer use the same cache to improve performance across these options.  If ACL Browser and GPO Explorer interrogate the same forest, then both options will benefit from the caching.  However, when they are pointing at different forests, the cache is cleared and caching starts again whenever a different context is detected, resulting in an initial performance hit as the cache is reseeded.