Using Resultant Set of Policy to view wireless network policy assignments

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Using Resultant Set of Policy to view wireless network policy assignments

Resultant Set of Policy (RSoP) is an addition to Group Policy that you can use to view wireless network policy assignments for a computer or for members of a Group Policy container. This information can help you troubleshoot policy precedence issues and plan your deployment.

To view wireless network policy assignments in RSoP, you must first open the RSoP MMC console, and then run a query. RSoP provides two types of queries: logging mode queries (for viewing wireless network policy assignments for a computer) and planning mode queries (for viewing wireless network policy assignments for members of a Group Policy container).

Logging mode queries

You can run an RSoP logging mode query to view all of the wireless network policies that are assigned to an wireless network client. The query results display the precedence of each wireless network policy assignment, so that you can quickly determine which wireless network policies are assigned but are not being applied and which wireless network policy is being applied. The RSoP console also displays detailed settings (that is, whether 802.1X authentication is enabled, the list of preferred wireless networks that clients can connect to, and wireless network key settings) for the wireless network policy that is being applied.

When you run a logging mode query, RSoP retrieves policy information from the Windows Management Instrumentation (WMI) repository on the target computer, and then displays this information in the RSoP console. In this way, RSoP provides a view of the policy settings that are being applied to a computer at a given time.

For information about how to run RSoP logging mode queries for wireless network policies, see Use RSoP to view wireless network policy assignments for a computer. For general information about RSoP logging mode queries, see RSoP logging mode. For general information about RSoP, see RSoP overview.

Planning mode queries

You can run an RSoP planning mode query to view all of the wireless network policies that are assigned to members of a Group Policy container. For example, a planning mode query can be useful if you are planning a company reorganization and you want to move computers from one organizational unit to a new organizational unit. By supplying the appropriate information and then running a planning mode query, you can determine which wireless network policies that are assigned but are not being applied to the new organizational unit and which wireless network policy is being applied. In this way, you can identify which policy would be applied if you were to move the computers to the new organizational unit. As with logging mode queries, when you run a planning mode query, the RSoP console displays detailed policy settings for the wireless network policy that is being applied.

When you run a planning mode query, RSoP retrieves the names of the target user, computer, and domain controller from the WMI repository on the domain controller. WMI then uses the Group Policy Data Access Service (GPDAS) to create the policy settings that would be applied to the target computer, based on the RSoP query settings that you entered. RSoP reads the policy settings from the WMI repository on the domain controller, and then displays this information in the RSoP console user interface.

For information about how to run RSoP planning mode queries for wireless network policies, see Use RSoP to view wireless network policy assignments for members of a Group Policy container. For general information about RSoP planning mode queries, see RSoP planning mode.

Note

  • You can run an RSoP planning mode query only on a domain controller (when you run a planning mode query, you must explicitly specify the domain controller name). However, you can specify any wireless network client as the target for the query, provided you have the appropriate permissions to do so.

Assigning and processing wireless network policies in Group Policy

Wireless network policies can be assigned from and stored in Active Directory, as part of Group Policy, or they can be assigned and stored locally, on a computer. When a computer is joined to an Active Directory domain, the domain-level wireless network policy applies. If a computer is not joined to an Active Directory domain, the local settings apply.

Group Policy settings are contained in Group Policy objects, which are linked with specific Active Directory objects (sites, domains, and organizational units). When a wireless network policy is assigned to a Group Policy object for an Active Directory object (such as an organizational unit), that wireless network policy is propagated to any computer accounts that are affected by the Group Policy object.

Multiple Group Policy objects, each of which can contain an wireless network policy, can be assigned to a computer account. When multiple wireless network policies are assigned, the last policy that is processed is the policy that is applied (that is, the last policy takes the highest precedence and overrides the settings of any wireless network policy assignments that were processed earlier).

Policy precedence is based on the Group Policy inheritance model. The policy used is the policy assigned at the lowest level of the domain hierarchy for the domain container of which the computer is a member. For example, if there are wireless network policies that are configured for both the domain and for an organizational unit within the domain, the computers that are members of the domain use the domain wireless network policies. The computers that are members of the organizational unit within the domain use the organizational unit wireless network policies. If there are multiple organizational units, members of each organizational unit use the wireless network policy assigned to the organizational unit that is closest in level to their container in the Active Directory hierarchy. If no wireless network policies are configured for Active Directory, or if a computer is not connected to an Active Directory domain, the local wireless settings are used.

Wireless network policy information displayed in the RSoP console

The RSoP snap-in simplifies the task of determining which wireless network policy is being applied by displaying the following information for each Group Policy object that contains a wireless network policy assignment: the name of the wireless network policy, the name of the Group Policy object that the wireless network policy is assigned to, the wireless network policy precedence (the lower the number, the higher the precedence), and the name of the site, domain, and organizational unit to which the Group Policy object containing the wireless network policy applies (that is, the scope of management for the Group Policy object).

For general information about Group Policy, see Group Policy overview.