How to Use GPResult Command to Check Group Policy
UPDATED: August 30, 2024
Group Policy lets administrators manage computers from a central location and configure operating systems, applications, and users’ settings in an Active Directory environment.
Group Policy also works as a security tool, enforcing security policies for users and devices; these policies are collectively referred to as Group Policy Objects (GPOs) in the Active Directory environment.
The main purpose of defining security policies is to keep you safe from insider threats and external attacks.
This feature is compatible with Windows 2000, Vista, Windows Server 2008, Windows XP, Windows 7, Windows Server 2012, and other Microsoft platforms.
Instead of investing more heavily in an organization's IT infrastructure, network administrators should use Group Policy Management. Group policies can stop users from choosing overly simple passwords, restrict access to sensitive files to the users who need them, force the installation of security patches, and so on. Security loopholes still arise at times; Group Policy Objects can address a few of them and help defend your system against an insider threat or an external attack.
Group Policy Uses
- Drive Mappings: Using Group Policy, you can map drives for users with login scripts and remove them when needed. Mapped drives help users find folders on a company server without having to note the location. Rather than adding network shares manually for each new user, Group Policy maps folders automatically.
- Folder Redirection: Windows stores all your standard folders at a specific location by default. To redirect the data or documents to a server, you must use Group Policy. Folder redirection also helps create a centralized backup and gives users access to their data regardless of the device they log on to.
- Security: Using Group Policy can save you from many threats. It enforces policies that fix a minimum password length and often force users or applications to update passwords. If a user tries to log in with incorrect credentials, a lockout policy helps freeze the user account.
- Printers: If your enterprise has installed printers, you can add them to Group Policy and set up their drivers on other computers, just as with drive mapping. Group Policy is also a great way to deploy printer connections automatically.
- Power Options: You can configure aspects of power settings, such as hard disk sleep time, using Group Policy.
How to Use GPResult Command to Check Group Policy
The GPResult command, also called “group policy result”, is a Windows command-line tool used to check and display the group policies applied on the computer.
You can run the GPResult command via Windows command prompt or PowerShell.
To list all options available with the GPResult command, run the following command:
gpresult /help
The output lists all available switches.
View RSoP Summary Using GPResult
You can use the GPResult command with the /r option to display the Resultant Set of Policy (RSoP) summary of the group policy applied on your Windows desktop or server, including OS configuration, OS version, OU information, security groups, user profile, and more:
gpresult /r
View Summary of User and Computer Using GPResult
You can use the GPResult command with the /scope:user or /scope:computer option to display the group policy settings applied to the user or the computer.
Run the following command to display the group policy setting of the user:
gpresult /r /scope:user
Run the following command to display the group policy setting of the computer:
gpresult /r /scope:computer
The output shows the applied policy settings.
You can also view the group policy settings applied to a specific user.
For example, to view the applied group policy setting of the administrator user, run the following command:
gpresult /r /user administrator
View the Verbose Information of System
You can use the GPResult command with the /v flag to display your Windows system’s verbose information, including security settings applied on all users, public key policies, logon and logoff script settings, internet connection settings, and more.
gpresult /v
Export GPResult Report in a File
You can use the GPResult command with the options /r, /H, and /X to export the GPResult report to text, HTML, and XML files respectively.
To export the GPResult report in a text file, run the following command:
gpresult /r /scope:user > C:\report.txt
To export the GPResult report to an HTML file, pass the file name to /H:
gpresult /H C:\report.html
To export the GPResult report to an XML file, pass the file name to /X:
gpresult /X C:\report.xml
Exporting the GPResult output to a file can be very helpful for troubleshooting remote computers.
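An exported XML report can also be checked by script rather than read by eye. The PowerShell below is an added example, not code from the original article: it reads a report produced with gpresult /X, states for each GPO whether it applied or why it did not, and flags required GPOs that are absent. The function name Get-GpoApplyStatus, the baseline GPO names and the embedded sample report are constructed for illustration, and the element names it reads are an assumption to confirm against a report from your own host.

```powershell
# Added example, not from the original article.
# Assumption: each <GPO> element in the report carries Name, Enabled, IsValid,
# FilterAllowed and AccessDenied children; confirm against your own report.
function Get-GpoApplyStatus {
    param(
        [Parameter(Mandatory)][xml]$Report,
        [string[]]$RequiredGpo = @()   # hypothetical baseline GPO names
    )
    $rows = foreach ($scope in 'ComputerResults', 'UserResults') {
        foreach ($gpo in @($Report.Rsop.$scope.GPO)) {
            if ($null -eq $gpo) { continue }   # scope not present in this report
            $status = if     ($gpo.AccessDenied  -eq 'true') { 'AccessDenied' }
                      elseif ($gpo.FilterAllowed -ne 'true') { 'FilteredOut' }
                      elseif ($gpo.Enabled       -ne 'true') { 'Disabled' }
                      elseif ($gpo.IsValid       -ne 'true') { 'Invalid' }
                      else                                   { 'Applied' }
            [pscustomobject]@{
                Scope  = $scope -replace 'Results$'
                Name   = $gpo.Name
                Status = $status
            }
        }
    }
    $rows
    # A required GPO that never appears in the report is also a finding.
    foreach ($name in $RequiredGpo) {
        if (@($rows).Name -notcontains $name) {
            [pscustomobject]@{ Scope = '-'; Name = $name; Status = 'MissingFromReport' }
        }
    }
}

# Constructed sample report, trimmed to the elements the function reads.
$sample = [xml]@'
<Rsop>
  <ComputerResults>
    <GPO><Name>Default Domain Policy</Name><Enabled>true</Enabled><IsValid>true</IsValid>
         <FilterAllowed>true</FilterAllowed><AccessDenied>false</AccessDenied></GPO>
    <GPO><Name>Workstation Baseline</Name><Enabled>true</Enabled><IsValid>true</IsValid>
         <FilterAllowed>false</FilterAllowed><AccessDenied>false</AccessDenied></GPO>
  </ComputerResults>
</Rsop>
'@
Get-GpoApplyStatus -Report $sample -RequiredGpo 'Workstation Baseline', 'Audit Policy'
# Real report: Get-GpoApplyStatus -Report ([xml](Get-Content C:\report.xml -Raw))
```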
gpresult command easy reference table
Here's a table describing different uses of the gpresult command for checking Group Policy:
Command | Description |
---|---|
gpresult /r or gpresult /R | Displays Resultant Set of Policy (RSoP) information for the current logged-on user. |
gpresult /v or gpresult /V | Displays verbose policy information for the computer running Ntbackup. This includes information about the operating system and the user who is currently logged on. |
gpresult /z or gpresult /Z | Displays all available information about Group Policy. This is the most detailed information level. |
gpresult /user | Specifies the user name of the user for which to display Resultant Set of Policy (RSoP) information. |
gpresult /scope {user\|computer} | Specifies the scope (user or computer) of the settings to display. |
gpresult /h | Saves the report in HTML format with the specified filename. |
gpresult /f | Forces a refresh of the Group Policy. Used in conjunction with /r, /v, /z parameters. |
gpresult /? | Displays the command's help/usage information. |
Use a Third-Party Tool
ManageEngine ADManager Plus – FREE TRIAL
ManageEngine produces a system, called ADManager Plus, which gives easier access to Active Directory and also enables bulk actions and task automation for object administration.
Steps to Check Group Policy in ADManager Plus:
Log in to ADManager Plus:
- Open your web browser and navigate to the ADManager Plus URL.
- Enter your credentials to log in to the dashboard.
Access Group Policy Management:
- Once logged in, navigate to the “Management” tab located on the top menu bar.
- Under the “Management” section, you will find the “GPO Management” option.
View and manage Group Policy Objects (GPOs):
- Click on “GPO Management” to access various GPO-related tasks.
- Here, you can view a list of all Group Policy Objects (GPOs) within your Active Directory environment.
Check Group Policy settings:
- Select the specific GPO you want to review by clicking on it. This will allow you to view detailed information about the GPO, including settings applied to users, computers, and specific Organizational Units (OUs).
- You can see the scope of the GPO, such as which OUs or groups it is linked to, and the specific settings configured within the GPO.
Search and filter GPOs:
- Use the search function to quickly find a specific GPO by name or by attributes. This is particularly useful in large environments with many GPOs.
- You can also filter GPOs based on criteria like status (enabled/disabled), creation date, or modification date to narrow down the results.
Generate GPO reports:
- To get more insights into your Group Policies, go to the “Reports” tab.
- Under “GPO Reports”, you can generate detailed reports on various aspects of your GPOs, such as:
  - GPO Settings Report: Provides details on the specific settings configured in each GPO.
  - GPO Linked Report: Shows which OUs or groups are linked to specific GPOs.
  - GPO Permissions Report: Displays the security settings and permissions applied to each GPO.
Export reports:
- After generating the required report, you can export it in multiple formats (PDF, CSV, etc.) by clicking the “Export” button. This is useful for documentation, audits, or further analysis.
Schedule regular GPO reports:
- For continuous monitoring, you can schedule these reports to be generated at regular intervals. Go to “Schedule Reports” under the Reports tab, choose your report, set the frequency, and specify the recipients.
Modify or create new GPOs:
- If you need to modify an existing GPO or create a new one, return to the “GPO Management” section. You can easily update settings, link the GPO to different OUs or groups, or create a new GPO from scratch.
Track GPO changes:
- To monitor changes to GPOs, ADManager Plus can track and report on modifications, helping ensure compliance and security. These reports can be accessed under the “Audit Reports” section.
By following these steps, you can effectively use ManageEngine ADManager Plus to check, manage, and report on Group Policies in your Active Directory environment, ensuring efficient and secure policy management. Start by registering for a 30-day free trial.
Conclusion
The above guide explained how to use the GPResult command to check the group policy settings applied on a Windows system. I hope this helps you identify Group Policy-related problems.
GPResult command FAQs
What options can I use with the GPResult command?
Some options that can be used with the GPResult command include "/r" to display the resulting set of policies, "/scope" to specify the scope of the policy, "/user" to view policies applied to a specific user, and "/v" to display verbose information.
Can I use the GPResult command to troubleshoot Group Policy issues?
Yes, the GPResult command can be used to troubleshoot Group Policy issues by displaying the settings that have been applied to a computer or user, as well as any errors that may have occurred during the application of those policies.
Is the GPResult command only for Windows?
Yes, the GPResult command is only available on the Windows operating system.
Can I run the GPResult command remotely?
You can run the GPResult command remotely by using PsExec or other similar tools.
What are some useful GPResult commands?
Some useful commands include:
- gpresult /r - This command displays the resulting set of policies that have been applied to the computer or user.
- gpresult /r /scope computer - This displays the policies that have been applied to the computer, rather than the user.
- gpresult /r /user [username] - This command displays the policies that have been applied to a specific user. Replace [username] with the desired username. Ideal for troubleshooting issues that apply to only one individual.