Tutorial

Troubleshooting Group Policy Objects for Windows Vista

This chapter excerpt from Microsoft Windows Vista Management and Administration, by Andrew Abbate, James Walker, Scott Chimner and Rand Morimoto, is printed with permission from Pearson Education,

    Requires Free Membership to View

Copyright 2007.

Click here for the chapter download or purchase the entire book here.


Although GPOs generally work very well in Active Directory environments, occasionally administrators will encounter issues when working with GPOs. If this should occur, there are several client and server side tools that can be used to determine the issue that is preventing a given GPO from applying properly.

Using the Resultant Set of Policies Tool

Resultant Set of Policies (RSoP) is part of the GPMC that provides a GUI interface that enables you to test a policy implementation prior to rolling it out in production and also enables you to view what policies a user or computer is actually receiving. The RSoP allows an administrator to pick a computer and user object and determine which GPOs would get applied. This allows an administrator to model the results without needing access to the user or the user's computer.

Group Policy Modeling Using RSoP

RSoP Planning mode enables you to simulate the deployment of a specified Group Policy, check the results, change, and then test the deployment again. This is very helpful in a lab environment where you can create and test a new set of policies. After RSoP shows that the GPO is correct, you can then use the backup functionality to back up the GPO configuration and import it into production.

To run RSoP in simulation mode, right-click Group Policy Modeling in the forest that will be simulated, and choose Group Policy Modeling Wizard. The wizard allows for inputting the possibility of slow links, loopback configuration, and WMI filters as well as other configuration choices. Each modeling is presented in its own report as a subnode under the Group Policy Modeling mode.

Using RSoP Logging Mode to Discover Applied Policies

RSoP in Logging mode enables you to view what exact policies a user or computer might be receiving. It shows in a readable format what polices are enforced, where conflicts exist, and what different policies are being applied to the user/computer. It can be run either on the local computer or on a remote computer by choosing the proper options in the wizard. To run RSoP in Logging mode, right-click Group Policy Results in the GPMC, and then click the Group Policy Modeling Wizard selection and follow the wizard that appears.

Using GPResult

One of the most common questions in GPO troubleshooting is, "How do I know it even tried to apply my GPO?" This is a very easy thing to test, and it tends to provide a lot of interesting information. Vista workstations have a utility available called GPResult. To run this, open a command prompt, type gpresult, and press Enter.

The utility will determine what groups the user and the computer belong to, and it will show you what GPOs it found linked to the OU hierarchy. It will point out GPOs that were skipped because of security filtering, and it will show you which ones were applied. It will even go so far as to tell you what OU your user and computer objects are in. This can be very helpful in determine why a GPO was or was not applied.

Using GPUpdate

Another helpful tool for testing out GPOs is the GPUpdate utility. This will trigger a download and application of GPOs outside of the normal GPO processing schedule.

You can limit the tool to only request updates to user or computer GPOs by using:

Gpupdate /target:computer

or Gpupdate /target:user

You can force the system to immediately apply changes by using:
Gpupdate /force
And you can even use Gpupdate /sync to include a reboot of the system to process GPO settings that occur only on system startup.


GROUP POLICY BASICS FOR WINDOWS VISTA

 Home: Introduction
 Tip 1: A basic primer on Microsoft Group Policy
 Tip 2: How to configure GPOs
 Tip 3: What's new in Vista Group Policy?
 Tip 4: How to manage GPOs
 Tip 5: Troubleshooting GPOs for Vista
 Tip 6: Group Policy best practices
ADVANCED GROUP POLICY FOR WINDOWS VISTA
 Home: Introduction
 Tip 1: Which GPOs are available
 Tip 2: Further understanding GPOs in Vista
 Tip 3: Examples of useful GPOs in Vista
 Tip 4: Moving policies between domains
 Tip 5: Recommended practices with Vista Group Policy

This was first published in December 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: