Group Policy Results

It is always a good practice to know what policy settings are being applied to a user or computer since GPO imposes a lot of restrictions and customizations on the user and computer. So, if something is amiss, a review of the policy settings will shed some light on the problem. To view the Resultant Set of Policy settings, you can use the following tools:

RSoP snap-in

The Resultant Set of Policy snap-in is a Microsoft Management Console (MMC) tool. It can be used to create detailed reports about applied policy settings. It has two modes: Logging mode – displays the policy settings currently applied to a user and computer. Planning mode – simulates policy settings that will be applied to a user or computer. To open the RSoP snap-in, follow these steps:

Go to Start Menu → Run. Type MMC and click OK

In the MMC console menu bar, File → Add/Remove Snap-in. Select RSoP from the list of available snap-in and click Add → OK

Right-click the Resultant Set of Policy and select Generate RSoP data

In the wizard that appears, choose the either Logging mode or Planning mode, the computer and the user to see the list of applied settings

Group Policy Results: Group Policy Results is a container available in GPMC. The following steps illustrate how to use Group Policy Results:

In the left pane of GPMC, right-click the Group Policy Results container and select Group Policy Results Wizard

In the Group Policy Results wizard, choose the target computer and users

Click Next to see a summary of the selections made and click next to generate a report. Click Finish

The following information will be available in the right pane: Summary Tab – Contains information on Applied and Denied GPOs, Security Group membership, WMI filters, and component status for both computer and user configuration. Settings Tab – shows all the Computer Configuration and User Configuration policy settings with the name of the winning GPO for each setting. Policy Events Tab – shows all the policy-related events.

gpresult command line tool

The gpresult command line tool when executed displays all the policy settings applied to a particular user or computer. For example, gpresult /user kevin /z will display all available information about the group policy applied to the user Kevin. For more information about using this tool, use the command gpresult /?.

People also read

Group Policy

Group Policy Objects (GPOs): Different Policy Settings

How to force Group Policy update?

Active Directory Group Policy in a Nutshell

People also read

Active Directory Account Lockout Policy

Managing GPOs in Active Directory

How to locate Active Directory Objects

Active Directory Object permissions: Step-by-Step guide to managing permissions using GPOs, ADUC, and PowerShell

Active Directory Object Classes and Attributes: A complete overview

Active Directory Sites

Active Directory Users and Computers (ADUC) - An introduction and installation guide

How to Raise Active Directory Forest Functional Level

Managing GPOs with Group Policy Management Console

Group Policy Backup

Active Directory Tools

Quick Links

Curated Resources

Newsletter