Friday, 5 June 2015

Group Policy Troubleshooting

Group Policy Troubleshooting

From time to time you may find yourself trying to identify what group policy (GPO) settings have been applied to a particular user or computer and what policy they have been applied from.  The Old Faithful of group policy troubleshooting is running gpresult from a command line.  While this is the tool that has been recommended on courses for years (even up to a Windows 2008 R2 course I attended a couple of years ago), I've always found the results from this lacking in detail.

RSOP.MSC

What I find most useful is to run rsop.msc from your Start...Run box.  RSOP is Resultant Set Of Policy and it loads as a MMC snap-in.  This snap-in will let you browse through the GPO objects and it will let you see the configured settings and, crucially, the name of the policy that it has applied from.  This will help you through difficulties that you might have with understanding the hierarchy of policies from Site, Domain, OU and Local.

Group Policy - Resultant Set Of Policy

In this next image, you can see the names of the policies that have applied to the computer (or User Configuration, if you select the properties on that).
Group Policy - Resultant Set Of Policy


rsop.msc will also let you see errors that caused particular policies not to load and security settings that may also be preventing a policy from loading.

Group Policy Modeling

One failing of running rsop.msc on your local system is that Group Policy Preference settings are not visible.  These preferences were introduced to Group Policy in Windows Server 2008 and provide GUI based configuration settings.  For example, you can get very specific with local user account settings or Internet Explorer settings using Group Policy Preferences.  Unfortunately, rsop.msc hasn't caught up with this yet.

However, using the Group Policy Modeling wizard in your Group Policy Management tool on a domain controller, or through your local administrative tools, you can see what Group Policy Preferences will be applied.  You can also go through a lot of 'what if' scenarios to see what would happen if, for example, group memberships are changed.
Posted by at
Labels: , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)