Skip to main content

Overview

The LocalGPOs command enumerates local Group Policy Objects (GPOs) applied to the machine and users. Local GPOs can override or supplement domain policies and may contain security-relevant configurations, restrictions, or misconfigurations.

Syntax

Seatbelt.exe LocalGPOs
This command does not support remote execution.

Output

Returns local GPO settings including:
  • Computer policies
  • User policies
  • Security settings
  • Software restrictions
  • Script configurations
  • Administrative templates

Use Cases

  • Red Team
  • Blue Team
  • Identify local security policies
  • Discover restrictions and bypasses
  • Find misconfigurations
  • Understand execution controls
  • Identify privilege elevation opportunities

Example Output

====== LocalGPOs ======

Computer Policies:
  [Security Settings]
    Password Policy
      Minimum password length: 8
      Password complexity: Enabled

  [Administrative Templates]
    Windows Components\Windows Defender
      Turn off Windows Defender: Not Configured

User Policies:
  [Administrative Templates]
    System
      Prevent access to command prompt: Disabled

Remote Execution

This command does NOT support remote execution.

Detection Considerations

Low detection risk - reads local policy files and registry.