Group Policy Results

What are Group Policy Results? 

System administrators have a tough time determining what settings are actually being applied to users and computers because there may be several GPOs linked at different levels of the AD hierarchy. Group Policy Results is a Group Policy Management Console feature that allows administrators to scan local or remote computers and users in order to discover which group policy objects (GPOs) are being applied.

How to prepare the system environment for Group Policy Results?   

Ensure that the required inbound Windows Firewall rules for Group Policy Results are enabled. To connect to remote computers, the built-in Windows Firewall rules Remote Event Log Management (RPC-EPMAP), Remote Event Log Management (NP-in), Remote Event Log Management (RPC), and Windows Management Instrumentation (WMI-in) must be enabled. You can use Group Policy to enable these Windows Firewall rules on all devices in your domain by using a starter GPO, available in Windows Server 2012 (and later), that includes the required settings. You can also use PowerShell to create a GPO with the appropriate settings and link it to your domain so that it applies to all devices. Log in as an administrator to a domain controller or a computer with the Active Directory module for PowerShell installed, and then run the following cmdlet:

New-GPO -Name 'Windows Firewall RSoP Ports' -StarterGpoName 'Group Policy Reporting Firewall Ports' | New-GPLink -Target 'dc=ad,dc=contoso,dc=com' -LinkEnabled Yes
Note: Replace dc=ad,dc=contoso,dc=com in the target value with the Common Name (CN) of your domain.
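
Once the GPO has been applied, the following check can be run on a target computer to confirm that the four rules named above are actually in effect. It is an added example, not part of the original article; the function name Test-RsopFirewallRule is hypothetical, and the rule display names assume an English-language Windows installation.

```powershell
# Display names of the built-in inbound rules listed above (English-language Windows assumed).
$required = @(
    'Remote Event Log Management (RPC-EPMAP)',
    'Remote Event Log Management (NP-In)',
    'Remote Event Log Management (RPC)',
    'Windows Management Instrumentation (WMI-In)'
)

# Hypothetical helper: reports, per rule, whether an enabled inbound allow rule exists.
function Test-RsopFirewallRule {
    param([string[]]$DisplayName = $required)
    foreach ($name in $DisplayName) {
        # ActiveStore is the effective rule set: local rules merged with rules delivered by GPO.
        $rules = @(Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName $name -ErrorAction SilentlyContinue)
        $open  = @($rules | Where-Object {
            $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow'
        })
        [pscustomobject]@{
            Rule     = $name
            Found    = $rules.Count          # copies of the rule (one per firewall profile group)
            Ready    = $open.Count -gt 0     # at least one copy is enabled, inbound, allow
            Profiles = ($open.Profile | Sort-Object -Unique) -join ', '
        }
    }
}

Test-RsopFirewallRule | Format-Table -AutoSize
```

A rule that shows Ready but lists only the Private or Public profile will not help a domain-joined computer, so check the Profiles column as well.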

How to view Group Policy Results?   

It is always good practice to know which policy settings are being applied to a user or computer, since GPOs impose many restrictions and customizations on both. If something is amiss, a review of the policy settings will shed some light on the problem. To view the Group Policy Results, you can use the following tools:

RSoP snap-in   

The Resultant Set of Policy snap-in is a Microsoft Management Console (MMC) tool. It can be used to create detailed reports about applied policy settings. It has two modes:

  1. Logging mode – displays the policy settings currently applied to a user and computer.
  2. Planning mode – simulates policy settings that will be applied to a user or computer.

To open the RSoP snap-in, follow these steps:

  • Go to Start Menu -> Run.
  • Type MMC and click OK.
  • In the MMC console menu bar, click File -> Add/Remove Snap-in. Select RSoP from the list of available snap-ins and click Add -> OK.
  • Right-click the Resultant Set of Policy and select Generate RSoP data.
  • In the wizard that appears, choose either the Logging mode or Planning mode and select the user or computer to see the list of applied settings.

Group Policy Results

Group Policy Results is a container available in GPMC. The following steps illustrate how to use Group Policy Results:

  • In the left pane of GPMC, right-click the Group Policy Results container and select Group Policy Results Wizard.
  • In the Group Policy Results wizard, choose the target computer and users.
  • Click Next to see a summary of the selections made, then click Next again to generate the report. Click Finish.

The following information will be available in the right pane:

  • Summary Tab – Contains information on Applied and Denied GPOs, Security Group membership, WMI filters, and component status for both computer and user configuration.
  • Settings Tab – shows all the Computer Configuration and User Configuration policy settings with the name of the winning GPO for each setting.
  • Policy Events Tab – shows all the policy-related events.

gpresult command line tool   

The gpresult command line tool, when executed, displays all the policy settings applied to a particular user or computer. The GPResult command can be executed using the Windows command prompt or PowerShell.

Let’s look at a few gpresult commands for checking group policy results:

  • You can view the RSoP summary of applied group policy, which includes OS configuration, OS version, OU information, user profile, security groups, and more. To view the RSoP summary of applied group policy, use the following command:

gpresult /r

  • You can use the scope option to see the group policy settings that have been applied to a specific user or computer.
    • To view a user’s group policy settings, run the following command:

gpresult /r /scope:user

    • To view a computer’s group policy settings, use the following command:

gpresult /r /scope:computer

  • You can find information such as the registry key in which the GPO was created, the last time a logon script was executed, public key policies, logon and logoff script settings, internet connection settings, and more. Run the following command to obtain Detailed Applied Group Policy Info:

gpresult /v

  • When returning information to the command-line terminal is insufficient, you can export results to different formats to create a report or share the results.

Note: If you do not specify a path, the file will be saved to the system32 folder.

  • To export the GPResult report to a text file named report on the C: drive, use the following command:

gpresult /r > C:\report.txt

  • To export the GPResult report to an HTML file named report on the C: drive, use the following command:

gpresult /h C:\report.html

  • To export the GPResult report to an XML file named report on the C: drive, use the following command:

gpresult /x C:\report.xml

  • To overwrite an existing file specified with the /x or /h option, add the /f option:

gpresult /f /x targetlocation\report.xml

gpresult /f /h targetlocation\report.html

  • You can also examine the Group Policy settings on a remote computer. Run the following command to get RSoP data for the user John who has logged onto the remote computer vm1 at least once:

gpresult /R /S vm1 /user John
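
The XML export produced with /x can be processed by a script to get the same applied/denied view that the GPMC Summary tab gives. The following is an added example, not part of the original article: the function name Get-RsopGpoStatus is hypothetical, the element names are assumptions about the report layout that should be checked against a real export, and the mapping from flags to a denial reason is likewise an assumption.

```powershell
# Constructed, trimmed sample shaped like a gpresult /x report (element names are assumptions).
$sample = @'
<Rsop xmlns="http://www.microsoft.com/GroupPolicy/Rsop">
  <ComputerResults>
    <GPO>
      <Name>Default Domain Policy</Name>
      <Enabled>true</Enabled><IsValid>true</IsValid>
      <FilterAllowed>true</FilterAllowed><AccessDenied>false</AccessDenied>
      <Link><SOMPath>ad.contoso.com</SOMPath></Link>
    </GPO>
    <GPO>
      <Name>Workstation Lockdown</Name>
      <Enabled>true</Enabled><IsValid>true</IsValid>
      <FilterAllowed>true</FilterAllowed><AccessDenied>true</AccessDenied>
      <Link><SOMPath>ad.contoso.com/Workstations</SOMPath></Link>
    </GPO>
  </ComputerResults>
</Rsop>
'@

function Get-RsopGpoStatus {
    param([Parameter(Mandatory)][xml]$Report)
    foreach ($scope in 'ComputerResults', 'UserResults') {
        $results = $Report.DocumentElement[$scope]
        if ($null -eq $results) { continue }   # a report may hold only one scope
        # Direct children only: settings data deeper in the report can reuse the GPO tag.
        foreach ($gpo in ($results.ChildNodes | Where-Object { $_.LocalName -eq 'GPO' })) {
            # Assumed mapping of report flags to the reason a GPO was not applied.
            $reason = if     ($gpo['AccessDenied'].InnerText  -eq 'true')  { 'Security filtering' }
                      elseif ($gpo['FilterAllowed'].InnerText -eq 'false') { 'WMI filter' }
                      elseif ($gpo['Enabled'].InnerText       -eq 'false') { 'GPO disabled' }
                      elseif ($gpo['IsValid'].InnerText       -eq 'false') { 'GPO invalid' }
            $link = $gpo['Link']
            [pscustomobject]@{
                Scope    = $scope
                GPO      = $gpo['Name'].InnerText
                LinkedAt = if ($null -ne $link) { $link['SOMPath'].InnerText }
                Status   = if ($reason) { 'Denied' } else { 'Applied' }
                Reason   = $reason
            }
        }
    }
}

# For a real export: Get-RsopGpoStatus -Report (Get-Content C:\report.xml -Raw)
Get-RsopGpoStatus -Report $sample | Format-Table -AutoSize
```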

Note: For more information about using this tool, use the command gpresult /?

Administrators use group policies to regulate how users and computers access network resources. However, when your network grows, it might become complex and counterintuitive. As a result, you must keep track of which policies apply to which computers and users in order to determine their impact. Using group policy results is the most convenient technique to evaluate group policies and their impact on multiple computers and users. To gather group policy results and evaluate whether a certain policy should be retained or deleted, you can use RSoP and the reports it generates, as well as gpresult and third-party applications.

