From that day on, Alex taught every junior admin the mantra: "The GUI teaches you what exists. The command line teaches you how it works."
gpresult /r This was his X-ray vision. The command showed him exactly which policies were applied and, crucially, which were filtered out . He saw that the "Block Macros" policy was being overridden by a local administrator's preference.
He pulled up the heavy artillery: (Local Group Policy Object Utility). This wasn't a native Windows command; it was a tool from Microsoft’s Security Compliance Toolkit. Alex copied it to his network share. group policy editor cmd
secedit /configure /db C:\Windows\security\local.sdb /cfg C:\newpolicy.inf Twenty minutes after the ransomware alert, Alex sat back. He had touched exactly three graphical windows. Everything else was typed into a black terminal window. The finance department was clean.
To fix it, he didn't RDP into the machine. He used: From that day on, Alex taught every junior
The moral of the story? While gpedit.msc is a map, Command Prompt is the steering wheel. When a thousand computers need a fix before lunch, the fastest hands aren't on a mouse—they're on a keyboard.
gpupdate /force Nothing visible changed on screen except a success message, but in the background, every policy on his local machine was re-downloaded from the Domain Controller and reapplied. He realized that gpupdate was his heartbeat—but it wasn't enough. He needed to edit policy, not just refresh it. He saw that the "Block Macros" policy was
Instead of navigating through gpedit.msc and digging through "Computer Configuration > Administrative Templates > System > Removable Storage Access," he typed: