A. There's no capability in standard Group Policy or the Group Policy Management Console to run a server-side report of Group Policy application, because clients pull Group Policy Objects—they're not pushed and applied by the server.

One option is to use GPResult on the client. (GPResult is part of both server and client OSs—you don't need to install anything.) It lists all applied policies then parses that with a script and reports back to a database. However, you need some custom scripting to do this.

Another option, if you have some kind of desktop management tool, is to use desired configuration capabilities, such as Desired Configuration Management in System Center Configuration Manager 2007. Desired Configuration Management lets you specify configuration items that should be applied to a machine, such as policies, and then report if a machine falls out of that desired configuration. You could then report on machines that don't have the policy.

There are third-party tools, such as GPExpert Group Policy Health Cmdlet, that can also help report on Group Policy application.