It is always a good practice to know what policy settings are being applied to a user or computer, since GPO imposes a lot of restrictions and customizations on the user and computer. So, if something is amiss, a review of the policy settings will shed some light on the problem. To view the Resultant Set of Policy settings, you can use the following tools:
RSoP snap-in
The Resultant Set of Policy snap-in is a Microsoft Management Console (MMC) tool. It can be used to create detailed reports about applied policy settings. It has two modes: Logging mode – displays the policy settings currently applied to a user and computer. Planning mode – simulates policy settings that will be applied to a user or computer. To open the RSoP snap-in, follow these steps:
- Go to Start Menu → Run. Type MMC and click OK
- In the MMC console menu bar, File → Add/Remove Snap-in. Select RSoP from the list of available snap-in and click Add → OK
- Right-click the Resultant Set of Policy and select Generate RSoP data
- In the wizard that appears, choose the either Logging mode or Planning mode, the computer and the user to see the list of applied settings
Group Policy Results: Group Policy Results is a container available in GPMC. The following steps illustrate how to use Group Policy Results:
- In the left pane of GPMC, right-click the Group Policy Results container and select Group Policy Results Wizard
- In the Group Policy Results wizard, choose the target computer and users
- Click Next to see a summary of the selections made and click next to generate a report. Click Finish
The following information will be available in the right pane:Summary Tab – Contains information on Applied and Denied GPOs, Security Group membership, WMI filters and component status for both computer and user configuration.Settings Tab – shows all the Computer Configuration and User Configuration policy settings with the name of the winning GPO for each setting.Policy Events Tab – shows all the policy related events.
gpresult command line tool
The gpresult command line tool when executed, displays all the policy settings applied to a particular user or computer. For example, gpresult /user kevin /z will display all available information about the group policy applied to the user kevin. For more information about using this tool, use the command gpresult /?.
