Поделиться через


Understanding the GPO version number

If you've ever poked around to look at the raw GPO version number, you've probably wondered why is the number so huge and how does it get displayed as a much smaller value when you view the version number using GPMC.

Let's look at the simplest example which is the version number for the Local Group Policy Object (LGPO). The LGPO is stored on each computer running Windows 2000 or later in the %windir%system32grouppolicy directory. For most computers, this will evaluate to c:windowssystem32grouppolicy. For our examples, we'll stick with this directory to make things easier. One thing you'll notice is that when you get a directory listing for c:windowssystem32 you will not see the grouppolicy directory. That's because it is a hidden directory. Now if you navigate directly to the directory (from the command prompt, type the command: cd c:windowssystem32grouppolicy), you'll see there is a gpt.ini file which contains the version number for the GPO. In my particular case, my LGPO contains a gpt.ini file with a version number shown as:

Version=1376303

This seems to be a fairly large number even for someone who tests out custom ADMX files with their LGPO. However, it starts to make more sense when you look at what's really going on.

Group Policy has two configurations – the computer and the user configuration. In order to track changes to each configuration, the GPO must track a version number for each configuration. With only one version number, the way two versions are tracked is to split the version number into two numbers.

The top 16 bits of the version number corresponds to the user configuration version. The lower 16 bits of the version number corresponds to the computer configuration version. When looking at the version entry in the gpt.ini file what you are then seeing is:

Version = [user version number top 16 bits] [computer version number lower 16 bits]

In the case of my LGPO version number = 1376303, how do we see what the actual version number is for the user and computer configuration?

Below is a simple way to split the version number into the user and computer version number.

  1. First, recognize that the version number is in decimal. Before we can split the number into the two version numbers, we first convert the decimal value to hex. The easiest way to perform this conversion is to use the calculator in windows in scientific mode. Enter the decimal value and then click the hex button to convert the number. You should see a value of 15002F.
  2. If you are using the calculator, it will not display the leading zeros of the number. In hexadecimal, four hexadecimal characters are equal to 16 bits. When you split the number into two parts you'll need to add two leading zeros to show the full version number in hexadecimal. For our case, I would write this number out as 0015002F. (When written on paper, a 0x is added to the beginning of the number to clarify the number is hexadecimal, 0x0015002F.)
  3. Input the lower 4 hex characters (002F) into the calculator while in hex mode. Then convert this value to decimal by clicking the decimal button. You should see a computer version number of 47 decimal.
  4. Input the upper 4 hex characters (0015) into the calculator while in hex mode. Then convert this value to decimal by clicking the decimal button. You should see a user version number of 21 decimal.

The raw version number of 1376303 split into the computer version of 47 and the user version of 21 now seems much more reasonable. You can use this procedure to look at the number of changes to the computer and user configuration portions of a GPO.

Of course, GPMC does this for you automatically when you look at the report for a GPO.

More on this topic later.

Judith Herman, GP Programming Writer

Comments