Windows Server

Group Policy Object Report: How to analyze group policies applied to a user and computer account

Group Policy (GP) is a Windows management feature that allows you to control multiple users’ and computers’ configurations within an Active Directory environment. With GP, all Organizational Units, sites, or domains can be configured from a single and central place. If you ever wanted to know what group policies are enabled on your computer, here are a few ways of finding them out. You may want to see the following articles as well. Why use RSAT? How to Install RSAT on Windows 10, how to resolve this “Thunderbolt” application is not in use anymore and can be safely uninstalled, Remote Server Administration Tools: To install RSAT on Windows Server, and what is Group Policy Object and how can it be launched in Windows.

Via the Resultant Set of Policy Management Console

This is the easiest way to determine the group policies applied to you. There it is a very powerful built-in command prompt used for auditing group policy settings.

Alternatively, search for “run” and type rsop.msc into the run box and then hit enter orWin + R keyboard combination to bring up a run box, type rsop.msc into the run box and then hit enter. View Post

When this is run, this will analyze and process the policies applied to you.

After its analysis, it will display the resultant set of Policies applied to you.

Now click on each folder, empty folders imply there are no policies applied to you. These are currently the only policies applied to my device via the computer configuration.

Via the Command line:  It should be noted that you have to specify the scope of the results. To find all the policies that are applied to your user account, you would use the following command:

gpresult /Scope User /v

This will process and display the results as shown below.

Then if you scroll down, you will see the the Resultant Set Of Policies for User section.

If you are looking for all policies applied to your Computer, all you need to do is change the scope:

gpresult /Scope Computer /v

More output

More output – Administrative template

Alternatively, there is a shortcut command that can be applied to get the desired result.

User Side Policies

To get all the policies applied to your user account, simply run the command below from the command prompt.

gpresult /r

This will give only the user-side of group policies applied.

Computer Side Policies

To get this policy, simply run the command prompt with administrative privilege, this will output policies relating to the computer.

gpresult /r

Note: The command prompt has to be run with administrators rights

GPRrport Command (Output HTML)

It is usually not feasible to read the group policies objects summary data from the command prompt every time in detail. Thus to get it in an easily readable form, we can export the data into the HTML format. Open a Command Prompt and type the following:

cd Desktop
GPRESULT /H GPReport.html

Specify the GPresult Path

The /H command with the location and filename specifies where the file will be saved. To do this, please run the command below.

gpresult /H <path>
gpresult /H c:\gpresults.html

Group Policy For Specific User

This command is used to display the group policies for the specific user or system which lies in the network domain. To display the specific user policy summary you must be aware of the user’s credentials. The command is as follows:

gpresult /R /USER targetusername /P password

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Subscribe
Notify of
guest

2 Comments
Inline Feedbacks
View all comments
Ben Lee
Ben Lee
1 year ago

Great info. One thing I don’t understand that the new server GPO has been applied to the local PC and can be seen from running “rsop.msc” but not from local GOP “gpedit”? just wonder why? Thanks

Last edited 1 year ago by Ben Lee
2
0
Would love your thoughts, please comment.x
()
x