Export (0) Print
Expand All

Resultant set of policy overview for GPMC

Updated: January 21, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Resultant Set of Policy

Resultant set of policy (RSoP) is a feature of Group Policy that makes implementation, troubleshooting, and planning of Group Policy easier. When multiple Group Policy objects (GPOs) apply to a given user or computer, they can contain conflicting policy settings. For most policy settings, the final value of the policy setting is set only by the highest precedent GPO that contains that setting. RSoP helps you understand and identify the final set of policy that is applied as well as settings that did not apply as a result of policy inheritance.

Specifically, Resultant Set of Policy helps you determine the following:

  • The final value of the setting that is applied as a result of all the GPOs.

  • The final GPO that set the value of this setting (also known as the winning GPO).

  • Precedence details that show any other GPOs that attempted to set this setting and the value that each GPO attempted to set for that policy setting.

Example showing precedence

Assume that there are three GPOs, GPO-A, GPO-B, and GPO-C, that all apply to the same user. GPO-A has precedence over GPO-B, which has precedence over GPO-C. Each GPO has been configured to set a desktop background. GPO-A sets the value to "Red Moon Desert." GPO-B sets it to "Bliss." GPO-C sets it to "Windows XP." The resultant set of policy data in this example shows that when these three GPOs are applied to a user, the following results occur:

  • The background will be set to "Red Moon Desert."

  • This background value was set by GPO A because it had highest precedence

  • GPO-B attempted to set the background to "Bliss" and GPO-C attempted to set it to "Windows XP". The precedence was GPO-A, followed by GPO-B, followed by GPO-C.

RSoP in Group Policy Management Console

The Group Policy Management Console (GPMC) exposes two different resultant set of policy capabilities that are provided by Windows:

Group Policy Results

This represents the actual policy data that is applied to a given computer and user. It is obtained by querying the target computer and retrieving the RSoP data that was applied to that machine. The Group Policy Results capability is provided by the client operating system and requires Windows XP, Windows Server 2003 or later. Outside of GPMC, Group Policy Results is referred to as RSoP - logging mode.

Group Policy Modeling

This is a simulation of what would happen under circumstances specified by an administrator. Group Policy Modeling requires that you have at least one domain controller running Windows Server 2003 because this simulation is performed by a service running on a domain controller that is running Windows Server 2003. With Group Policy Modeling, you can either simulate the RSOP data that would be applied for an existing configuration, or you can perform "what-if" analyses by simulating hypothetical changes to your directory environment and then calculating the RSOP for that hypothetical configuration. For example, you can simulate changes to security group membership, or changes to the location of the user or computer object in Active Directory. Outside of GPMC, Group Policy Modeling is referred to as RSoP - planning mode.

In GPMC, resultant set of policy data is obtained using Group Policy Modeling or Group Policy Results wizards. GPMC provides an HTML report of the RSoP data. This report shows the final value of the winning settings and the winning GPO that set that value. When you create a Group Policy Modeling or Group Policy Results report, the report is shown in GPMC under the appropriate node. Right-clicking this report and choosing Advanced View opens the RSoP snap-in, which provides additional information, enabling you to verify precedence for a policy setting. The Precedence tab, available from the dialog box for a policy setting, shows all GPOs that attempted to set a particular setting and the value for each GPO.

RSoP and WMI

RSoP relies on Windows Management Instrumentation (WMI) for storing and processing information about the policy settings that apply. When Group Policy is processed on a Windows XP or Windows Server 2003 computer, the relevant data is stored in the local WMI repository.

In logging mode, the Group Policy Results feature queries the WMI repository on the target computer, obtains information about the policy settings, and displays it in either the HTML presentation or in RSoP MMC snap-in.

In planning mode, the Group Policy Modeling feature calls the Resultant Set of Policy Provider Service on a domain controller. Administrators use the Group Policy Modeling wizard to specify information about the simulated policy environment such as the target user and computer, membership in security groups, and so forth. The RSOP provider service then simulates the resultant set of policy for this configuration. The results of this simulation are stored to a local WMI database on the domain controller before the information is passed back to GPMC, where it can be easily viewed by the administrator.

See Also

Community Additions

© 2016 Microsoft