Troubleshooting Group Policy Objects for Windows Vista

This excerpt from "Microsoft Windows Vista Management and Administration" provides some helpful tools for troubleshooting Group Policy Objects in Active Directory environments.

Microsoft Windows Vista Management and Administration This chapter excerpt from Microsoft Windows Vista Management and Administration, by Andrew Abbate, James Walker, Scott Chimner and Rand Morimoto, is printed with permission from Pearson Education, Copyright 2007.

Click here for the chapter download or purchase the entire book here.

Although GPOs generally work very well in Active Directory environments, occasionally administrators will encounter issues when working with GPOs. If this should occur, there are several client and server side tools that can be used to determine the issue that is preventing a given GPO from applying properly.

Using the Resultant Set of Policies Tool

Resultant Set of Policies (RSoP) is part of the GPMC that provides a GUI interface that enables you to test a policy implementation prior to rolling it out in production and also enables you to view what policies a user or computer is actually receiving. The RSoP allows an administrator to pick a computer and user object and determine which GPOs would get applied. This allows an administrator to model the results without needing access to the user or the user's computer.

Group Policy Modeling Using RSoP

RSoP Planning mode enables you to simulate the deployment of a specified Group Policy, check the results, change, and then test the deployment again. This is very helpful in a lab environment where you can create and test a new set of policies. After RSoP shows that the GPO is correct, you can then use the backup functionality to back up the GPO configuration and import it into production.

To run RSoP in simulation mode, right-click Group Policy Modeling in the forest that will be simulated, and choose Group Policy Modeling Wizard. The wizard allows for inputting the possibility of slow links, loopback configuration, and WMI filters as well as other configuration choices. Each modeling is presented in its own report as a subnode under the Group Policy Modeling mode.

Using RSoP Logging Mode to Discover Applied Policies

RSoP in Logging mode enables you to view what exact policies a user or computer might be receiving. It shows in a readable format what polices are enforced, where conflicts exist, and what different policies are being applied to the user/computer. It can be run either on the local computer or on a remote computer by choosing the proper options in the wizard. To run RSoP in Logging mode, right-click Group Policy Results in the GPMC, and then click the Group Policy Modeling Wizard selection and follow the wizard that appears.

Using GPResult

One of the most common questions in GPO troubleshooting is, "How do I know it even tried to apply my GPO?" This is a very easy thing to test, and it tends to provide a lot of interesting information. Vista workstations have a utility available called GPResult. To run this, open a command prompt, type gpresult, and press Enter.

The utility will determine what groups the user and the computer belong to, and it will show you what GPOs it found linked to the OU hierarchy. It will point out GPOs that were skipped because of security filtering, and it will show you which ones were applied. It will even go so far as to tell you what OU your user and computer objects are in. This can be very helpful in determine why a GPO was or was not applied.

Using GPUpdate

Another helpful tool for testing out GPOs is the GPUpdate utility. This will trigger a download and application of GPOs outside of the normal GPO processing schedule.

You can limit the tool to only request updates to user or computer GPOs by using:

Gpupdate /target:computer

or Gpupdate /target:user

You can force the system to immediately apply changes by using:
Gpupdate /force
And you can even use Gpupdate /sync to include a reboot of the system to process GPO settings that occur only on system startup.


 Home: Introduction
 Tip 1: A basic primer on Microsoft Group Policy
 Tip 2: How to configure GPOs
 Tip 3: What's new in Vista Group Policy?
 Tip 4: How to manage GPOs
 Tip 5: Troubleshooting GPOs for Vista
 Tip 6: Group Policy best practices
 Home: Introduction
 Tip 1: Which GPOs are available
 Tip 2: Further understanding GPOs in Vista
 Tip 3: Examples of useful GPOs in Vista
 Tip 4: Moving policies between domains
 Tip 5: Recommended practices with Vista Group Policy

This was last published in December 2007

Dig Deeper on Microsoft Group Policy Management



Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.