Before exploring the tools that display the current state of GPO application, it is usually a good idea to update all applied and relevant GPOs. This can be done by waiting (upwards of 4 hours in some cases) or by using the GPUPDATE command line tool to force a refresh of GPO settings. Just execute "gpupdate /force" from a command prompt on the system you want to refresh. Or using "/target:<computer>" to update across the network.
Once you are sure that all relevant and applicable GPOs have been applied, you can seek out status data. One method to obtain the Resultant Set of Policy is to use the GPRESULT command line tool. You'll probably want to pipe the output into a file to allow for easier review (and text searching), by using a command line such as "gpresult > rsop1.txt".
If you prefer a GUI-based display, you can open the RSOP MMC snap-in or use the Help and Support Center. To use the latter, click "Performance and maintenance" under the Pick a Help topic column, then click Tools under See Also, then click Advanced System Information under Tools, then click View Group Policy settings applied in the right-pane.
If you have just created a GPO and want to test its effects, you can perform a simulation of GPO application without actually deploying the GPO. This is known as Group Policy Modeling. This is another feature of the Group Policy Management MMC snap-in. Just run the Group Policy Modeling Wizard by right clicking the Group Policy Modeling item and selecting it from the pop-up menu and select the appropriate items for your desired GPO test. This is a great tool for checking dependencies, inheritance, and conflicts before rolling out a new GPO.
James Michael Stewart has co-authored numerous books on Microsoft, security certification and administration and is a regular speaker at NetWorld+Interop. Stewart holds the following certifications: MCSE, MCT, CTT+, CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K and iNet+. He can be reached at firstname.lastname@example.org.
This was first published in July 2005