September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
9.20. Viewing the RSoP
Problem
You want to view the actual RSoP for a user and computer. This is a great tool for determining if policies are being applied correctly on a client.
Solution
Using a graphical user interface
Tip
The RSoP snap-in is available only on Windows Server 2003 and Windows XP.
Open the RSoP snap-in by running
rsop.msc from the
command line. This will cause the RSoP snap-in to evaluate the group
policies for the target computer and pop open a MMC console so that
you can browse the applied settings.
You can target a different computer by right-clicking the top of the tree in the left pane and selecting Change Query. You will then be prompted for the name of the computer to query.
Using a command-line interface
> gpresult
With the Windows Server 2003 version of gpresult,
you can specify a /S option and the name of a
computer to target, which allows you to run the command remotely.
With Windows 2000, there is a /S option, but it
enables super verbose mode. There is no way to target another
computer with the Windows 2000 version. For a complete list of
options with either version, run gpresult /? from
a command line.
Discussion
If you implement more than a few GPOs, it can get confusing as to what settings will apply to users. To address this problem, you can query the resultant set of policy on a client to determine what settings have been applied.
The registry on the target computer is another source of information. You can view the list of policies that were applied to ...