/build/static/layout/Breadcrumb_cap_w.png

Utilities for Group Policy Reporting

Introduction

Being in the dark kind of stinks.

Not knowing 'what's going on' in your world is a little scary. Things could be working great ' or they could be falling apart. Without having the ability to produce reports in front of you means you're in the dark, and again, that's no fun.

That's where Group Policy reporting comes in. With Group Policy reporting you can quick discern if everything is 'fine and dandy' or 'Uh oh, red alert' time in your environment.

Let's explore two utilities to help take us out of the darkness and bring come clarity to our Group Policy environment.

GPresult command line tool

Windows XP and Windows 7 ship with the gpresult.exe command. Let's see an example of GPresult on Windows XP in Figure 1.


Figure 1: GPresult running on Windows XP

Here, you can see Windows XP reporting about the 'Applied Group Policy Objects' and also 'The following GPOs were not applied because they were filtered out.'

Applied Group Policy Objects is important, because it shows (from this user's perspective) what they appear to be getting. Conversely, the second category 'The following GPOs were not applied because they were filtered out' shows the equally important GPOs they didn't get. A GPO might not apply for a huge variety of reasons, including being blocked, the side being empty (in this case, the user side of the two policies displayed), security issues or lots of other reasons.

So, in short: knowing what you got and actually what you didn't get is equally important.

Running GPresult on Windows 7 however doesn't work right away. Let's take a look at Figure 2.


Figure 2: Running GPresult on Windows 7

If you simply run GPresult.exe on Windows 7, you are prompted to force feed it some command line arguments. To run the equivalent comment that we saw in Windows XP, you need to run GPresult /R.

You'll get a very similar output from Windows 7 as you did in Windows XP with this command.

Group Policy Results inside the GPMC

The GPresult command line tool we just explored is great ' if you're sitting on the machine you're trying to troubleshoot. However, if you want to remotely see what's going on, a better tool might be the Group Policy Results wizard inside the GPMC as seen in Figure 3.


Figure 3: The Group Policy Results Wizard inside the GPMC

Running the Group Policy Results wizard requires that the target machines' firewall is open enough for the request to come thru. So sometimes running the Group Policy Results wizard against a remote machine might yield what's in Figure 4.


Figure 4: RPC server unavailable means that the target machine's firewall is preventing your request

Once the firewall is taken care of though, it's smooth sailing as seen in Figure 5.

Here, you can see a nice graphical report showing similar information. Additionally any known errors are also reported in the 'Policy Events' tab as also seen in Figure 5.

Group Policy reporting doesn't have to be mysterious. It can be enlightening and help you determine where things are going great, or where your computers and users might need a little attention.


Comments

This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ