You want to view the actual RSoP for a user and computer. This is a great tool for determining if policies are being applied correctly on a client.
The RSoP snap-in is available only on Windows Server 2003 and Windows XP.
Open the RSoP snap-in by running
rsop.msc from the
command line. This will cause the RSoP snap-in to evaluate the group
policies for the target computer and pop open a MMC console so that
you can browse the applied settings.
You can target a different computer by right-clicking the top of the tree in the left pane and selecting Change Query. You will then be prompted for the name of the computer to query.
With the Windows Server 2003 version of
you can specify a
/S option and the name of a
computer to target, which allows you to run the command remotely.
With Windows 2000, there is a
/S option, but it
enables super verbose mode. There is no way to target another
computer with the Windows 2000 version. For a complete list of
options with either version, run
gpresult /? from
a command line.
If you implement more than a few GPOs, it can get confusing as to what settings will apply to users. To address this problem, you can query the resultant set of policy on a client to determine what settings have been applied.
The registry on the target computer is another source of information. You can view the list of policies that were applied to ...