When a computer doesn't apply a group policy, the first thing is of course to force the update of the policies on it, but you can then use various tools which allow you to obtain all the necessary information to try to find the cause of your problem.
Here's how to generate this information, also known as : Resultant Set of Policy (RSoP).
To get started, update the policy on the client computer or server using the command :
Which will give :
Updating policy ... Computer Policy update has completed successfully. User Policy update has completed successfully.
GPResult is a command line program that generates the Resultant Set of Policy (RSoP) for :
For more informations about the parameters of this "GPResult" command, see : Microsoft Docs.
To generate a Resultant Set of Policy (RSoP) in HTML format for the computer and the current user, you must use the "/H" (for the HTML version) or "/X" (for the XHTML version) parameter.
gpresult /H c:\GPReport.html
Once the command is executed, the file specified in parameter will be created at the desired location.
Note that the "/U", "/P", "/R", "/V" and "/Z" options cannot be specified with "/X" and "/H".
If you open this report, you will first see which user it concerns and for which computer it was generated.
In addition, you will find several sections :
In the "Summary" section, you can quickly find out (for computer and user policies) :
Note that if a slow link was detected, this may be the source of your problem.
Indeed, when a slow link is detected, it influences the policies that will be applied on this computer.
However, this will never influence security policies and administrative models.
In the "Computer Details" section, you will find :
Note that for each policy setting received, you will have :
Towards the end of the computer details, you will find a "Group Policy Objects" section that will let you know :
Finally, you will find a "WMI Filters" section with the WMI filters that you have created on your domain controller if these WMI filters are affected by this client computer.
Then, you will find a "User Details" section in which you will find :
Unlike the report that you generate in HTML format, the one in text format can be longer or shorter (and therefore more or less complete) depending on your needs.
To do this, all you have to do is specify the desired level of detail using one of these parameters :
Note that by default, the report is displayed in the console, as you can see below.
However, you can very easily export the result to a text file thanks to the output redirection supported by the Windows command prompt :
gpresult /R >> c:\GPReport.txt
Once the report is generated, it will be automatically saved in the "GPReport.txt" file at the root of the "C" partition (in our case).
Then, you just have to open it with Notepad.
At the beginning of the report, you can know :
You will then find a "Computer settings" section with :
Further down, you will find a "User settings" section with, for example :
If you are a little observant, you may have noticed that some characters were not the right ones.
This is because the notepad only supports ANSI, Unicode, and UTF-8. However, the command prompt uses another encoding which is the OEM 850.
If you want to see the correct characters :
Now, all characters are displayed correctly.
Windows Server 11/12/2011
Windows Server 9/3/2021
Windows Server 9/17/2021
Windows Server 8/6/2021
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2020 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.