Group Policy Results (Administering Group Policy with Group Policy Management Console)

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This feature allows administrators to determine the resultant set of policy (RSoP) that was applied to a given computer and (optionally) the user that logged on to that computer. The data presented is similar to Group Policy Modeling data. However, unlike Group Policy Modeling, this data is not a simulation: it is the actual resultant set of policy data obtained from the target computer (the client), not simulated on the DC. The client must be running Windows XP, Windows Server 2003, or later. It is not possible to get Group Policy Results data for a Windows 2000 computer. (However, with Group Policy Modeling, you can simulate the RSoP data.)

Note

Technically, a Windows Server 2003 DC is not required to access Group Policy Results. However, by default, only users with local administrator privileges on the target computer can remotely access Group Policy Results data. This access can be delegated to additional users (as previously described). However, the ability to delegate RSoP data is available only in Active Directory forests that have the Windows Server 2003 schema (for example, because you have run ADPrep /ForestPrep in that forest).

Each Group Policy Results query is represented by a node in the tree view under the Group Policy Results container. Each node has three tabs:

  • Summary – this is analogous to the information shown for the corresponding tab on a Group Policy Modeling node. In particular, this page shows the component status for the various Group Policy extensions. This information tells you whether there were any issues with a particular extension and is a good place to begin troubleshooting.

  • Settings – this is analogous to the information shown for the corresponding tab on a Group Policy Modeling node.

  • Events – this tab shows all policy-related events from the target computer (see Figure 29). Note that to gather this data, the user performing the query must have access to remotely view the event log. By default, this access is granted to all users on Windows XP, but not on Windows Server 2003. This data is useful for troubleshooting Group Policy issues. For example, if the summary report indicates that a particular Group Policy component failed to process, you may be able to determine why by looking for errors and warnings in the event log.


Figure 29
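
The same Group Policy Results query can be run without the console through the GPMC scripting interface (the GPMgmt.GPM COM object), which is useful when applied policy has to be checked on many computers. The script below is an added example, not part of the original documentation. The computer name, user name, and output path are placeholders, and it assumes that GPMC is installed on the computer running the script and that PowerShell 2.0 or later is available.

```powershell
# Added example: run a Group Policy Results (RSoP logging mode) query and
# save the report as HTML. All parameter defaults are placeholders.
param(
    [string]$Computer = 'WKSTN01.example.com',     # placeholder target computer
    [string]$User     = 'EXAMPLE\jdoe',            # placeholder; '' = computer settings only
    [string]$OutFile  = 'C:\Temp\gpresults.html'   # placeholder report path
)

$gpm       = New-Object -ComObject GPMgmt.GPM
$constants = $gpm.GetConstants()

# Logging mode returns the policy the client actually applied (no simulation).
$rsop = $gpm.GetRSOP($constants.RSOPModeLogging, '', 0)
$rsop.LoggingComputer = $Computer
if ($User) {
    $rsop.LoggingUser = $User
} else {
    # Skip the user half of the query and report computer settings only.
    $rsop.LoggingFlags = $constants.RsopLoggingNoUser
}

$created = $false
try {
    # Fails if the caller is neither a local administrator on the target
    # nor delegated the right to read Group Policy Results data.
    $rsop.CreateQueryResults()
    $created = $true
    $null = $rsop.GenerateReportToFile($constants.ReportHTML, $OutFile)
    Write-Output "Group Policy Results for $Computer written to $OutFile"
}
catch {
    Write-Error "Group Policy Results query against $Computer failed: $_"
}
finally {
    # Remove the temporary RSoP data created for this query.
    if ($created) { $rsop.ReleaseQueryResults() }
}
```

The HTML report corresponds to the Summary and Settings tabs. The policy-related events shown on the Events tab are not part of this report and still require remote access to the target computer's event log.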