Share:
Twitter
LinkedIn
Facebook
Reddit
Whatsapp
Follow by Email
Reading Time: 3 minutes

Every Sysadmin has had to troubleshoot group policies at least once. I know I have had to do this many, many times in the past. One of the first tools I go to when troubleshooting group policy from a client machine is GPResult. GPResult is a command line utility that determines the resultant set of policies for a given user and/or computer.

GPResult has to be run from a command window as an administrator. To elevate the command prompt you can either press the winkey and type cmd then ctrl+shift+enter or right click on the command prompt and select run as administrator. If you elevate with an admin account different to the currently logged in user which is probably what you will do as your users should not have administrator rights, then you will receive an error message stating INFO: The user “domain\user” does not have RSOP data. This is because GPResult is using the elevated user’s context. To work around this, specify the standard user that you are troubleshooting.

GPR1

Some common examples are:

List GPOs applied, with Summary Data

The /r displays RSOP (Resultant Set of Policy) summary data

This is very useful when you want to see what GPOs have applied and in what order. It also displays summary data, such as the last time the group policy applied, which DC it was applied from, slow link threshold, the site, and security groups. This is a quick way of showing what GPOs have been applied to a user and/or computer.

GPR2

If you only want to view what has been applied to either user or computer, you can use the /scope flag.

For a nice summary the output in the command window is usually enough, but if you want to export the output to a file or the clipboard you can by using either of the following.

Export output to a text file

Export output to Windows clipboard

Sometimes the basic output is not enough for your troubleshooting needs. This is where HTML Reports come in! The HTML reports give you a nice detailed breakdown of each setting and the GPO from which it came. This report is particularly nice as you can show all and use ctrl+f to find a particular policy or setting. To generate a HTML report use the following:

/h Saves the report in HTML format
/f Forces GPresult to overwrite the file name specified with /h
/user Specifies the user name for which the RSOP data is to be displayed

GPR3

/s Specifies the remote system to connect to
This allows you to run GPResult on a remote computers and servers, all of the above still applies.

GPR4

[AdSense-A]

Share:
Twitter
LinkedIn
Facebook
Reddit
Whatsapp
Follow by Email

Pixel Robots.

I’m Richard Hooper aka Pixel Robots. I started this blog in 2016 for a couple reasons. The first reason was basically just a place for me to store my step by step guides, troubleshooting guides and just plain ideas about being a sysadmin. The second reason was to share what I have learned and found out with other people like me. Hopefully, you can find something useful on the site.

2 Comments

David · October 10, 2016 at 1:15 pm

I find rsop.msc is much easier to use and actually see whats within the policy, No need to export to html, making life harder than its needed to be

    Pixel Robots. · October 10, 2016 at 1:46 pm

    I always found that RSOP.msc will only show you what has been applied to your computer as the user that has run the command. You also need to know off hand where each setting is to be able to check properly. With the HTML file, I can check if a GPO has applied from the friendly name I have given the GPO. Each to their own I guess.

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *