Logo
PREGNANCY
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
 
 
Windows Vista

Troubleshooting Policy Settings

3/15/2011 10:35:47 PM
With all the complexity of GPO processing through the series of L-S-D-OU-OU-OU, and with Block Inheritance and Enforced settings, you might easily recognize that, on occasion, what you get from your collection of GPOs isn’t exactly what you expected. To help you sort through this maze of policies and settings, Microsoft has provided several different tools.

Group Policy Results and Group Policy Modeling

The first two tools, and probably the most recommended, can be accessed within the Group Policy Management Console (GPMC):

  • Group Policy Results

  • Group Policy Modeling

These two tools and a summary from the Group Policy Results tool, are shown in Figure 1.

Figure 1. Using the Group Policy Results tool in the GPMC.

The Group Policy Results Tool

The Group Policy Results tool allows you to identify the effective GPOs and their settings that configure and control the user’s session on the computer. You specify which computer and which user to run the analysis on. The Group Policy Results tool performs its analysis based on where the specified computer account actually is located within AD and where a specified user account actually is located within AD to produce the effective GPO results. The Group Policy Results tool is often called the “What is” analysis tool.

The Group Policy Modeling Tool

The Group Policy Modeling tool is used to experiment with “What if” scenarios. It allows you to specify a computer account and a user account to analyze. It then allows you to manipulate where the computer account might be placed within AD and where the user account might be placed within AD. Finally, the Group Policy Modeling tool calculates the effective GPOs and their settings that configure and control the user’s session on the computer, based on their newly proposed positions within AD.

Resultant Set of Policies (RSoP)

Another tool that is available in Windows Vista was available in earlier operating systems. It is called the Resultant Set of Policies (RSoP) tool. This tool is still available in Windows Vista as a snap-in to the Microsoft Management Console (MMC) and must be assembled to be accessed.

Just like the Group Policy Results tool, you select which computer and which user to run the analysis on. The RSoP tool performs its analysis based on where the specified computer account actually is located within AD and where a specified user account actually is located within AD to produce the results. The Resultant Set of Policy tool is also called a “What is” analysis tool because it too is based on the objects’ actual locations in AD.

As shown in Figure 2, the RSoP tool presents the results like a GPO is formatted. This makes a quick overview more difficult than the summary of settings that is presented with the newer Group Policy Modeling and Group Policy Results tools inside the GPMC, and explains why this might not be your first choice of GPO analysis tools.

Figure 2. Using the Group Policy Results tool in the GPMC.

The X icon in Figure 2 identifies that a security identifier (SID) failed to resolve to a name. This is usually the result of a renamed or deleted user or computer account.

Alert

This RSoP tool is not the recommended tool to use for GPO analysis and troubleshooting but is still available to analyze the effective policies for a computer and user session based on their actual positions within AD.


GPResult.exe Command-Line Tool

A third tool to perform a similar analysis is the command-line tool called GPResult.exe. This tool analyzes only the local machine where the command is executed and the user who is currently logged on to that machine. The output is ASCII text. It identifies the computer and its configuration and status on the network and also its position in AD. Then GPResult reports on all the GPOs that affect the computer. GPResult then repeats the process for the user who is logged on to the computer.

Other -----------------
- Group Policy Settings (part 5) - Point and Print Restrictions & Digital Certificates and Authenticode
- Group Policy Settings (part 4) - The Audit Policy
- Group Policy Settings (part 3) - Managing Device Installation
- Group Policy Settings (part 2) - Software Restrictions
- Group Policy Settings (part 1) - Desktop Settings & Software Deployment by GPO
- Group Policy Object Overview (part 2) - Applying GPOs to a Computer and User in an AD Environment
- Group Policy Object Overview (part 1) - Building a Local Computer Policy & The Domain Member Computer
- User Account Control (UAC)
- Troubleshoot Authentication Issues - SmartCards
- Configure and Troubleshoot Access to Resources (part 4) - Securing Network Traffic for Remote Desktop Protocol (RDP) Access
- Configure and Troubleshoot Access to Resources (part 3) - IPSec for Securing Network Traffic on the Local LAN
- Configure and Troubleshoot Access to Resources (part 2) - Printer Sharing
- Configure and Troubleshoot Access to Resources (part 1) - Permissions
- Windows Update (part 4) - Troubleshooting Updates
- Windows Update (part 3) - Windows Server Update Services Server (WSUS)
- Windows Update (part 2) - Automatic Updates
- Windows Update (part 1) - Manual Updates
- Windows Defender and Other Defenses Against Malware
- Windows Firewall
- Troubleshoot Security Configuration Issues (part 2) - Securing Data in Storage with Encrypting File System & Securing Computers with the Security Configuration and Analysis Tool
 
 
Most view of day
- SharePoint 2010 : Configuring Search Settings and the User Interface - Web Parts (part 3)
- SQL Server 2008 R2 : A Performance Monitoring Approach (part 2) - Monitoring the Processors
- Microsoft OneNore 2010 : Opening a Backup Copy of a Notebook Section
- Adobe Dreamweaver CS5 : Using Library Items and Server-side Includes (part 2) - Using the Library Assets Panel - Inserting a Library item in your Web page
- Microsoft Exchange Server 2010 : Getting Started with Email Archiving - Enabling Archiving (part 2) - Using Exchange 2010 Discovery, Offline Access
- Accessing and Using Your Network : Sharing Resources with the Network (part 3) - Hiding Shared Resources
- SharePoint 2010 : Packaging and Deployment Model - Features (part 1) - Feature Designer
- Windows Phone 7 : AlienShooter Enhancements (part 1) - Load and Save Game State
- Microsoft Exchange Server 2007 : Implementing Client Access and Hub Transport Servers - Transport Pipeline
- Microsoft Exchange Server 2007 : Consolidating a Windows 2000 Domain to a Windows Server 2003 Domain Using ADMT (part 4) - Migrating User Accounts
Top 10
- Sharepoint 2013 : Working with the CSOM (part 6) - Working with the JavaScript client object model - Creating, reading, updating, and deleting in the JavaScript client object model
- Sharepoint 2013 : Working with the CSOM (part 5) - Working with the JavaScript client object model - Handling errors
- Sharepoint 2013 : Working with the CSOM (part 4) - Working with the JavaScript client object model - Returning collections
- Sharepoint 2013 : Working with the CSOM (part 3) - Working with the managed client object model - Creating, reading, updating, and deleting
- Sharepoint 2013 : Working with the CSOM (part 2) - Working with the managed client object model - Handling errors
- Sharepoint 2013 : Working with the CSOM (part 1) - Understanding client object model fundamentals
- Windows Phone 8 : Configuring Mailbox Settings (part 5) - Configuring Automatic Replies
- Windows Phone 8 : Configuring Mailbox Settings (part 4) - Lightening the Display,Changing the Mailbox Sync Settings
- Windows Phone 8 : Configuring Mailbox Settings (part 3) - Message Signatures, Blind CCing Yourself
- Windows Phone 8 : Configuring Mailbox Settings (part 2) - Unlinking Mailboxes, Conversation View
 
 
Windows XP
Windows Vista
Windows 7
Windows Azure
Windows Server
Windows Phone
2015 Camaro