A. The GPMC has an intuitive interface for performing RSOP logging to see what Group Policy Objects (GPOs) are being applied to a specified user on a specified computer.

1. Right-click Group Policy Results, and select Group Policy Results Wizard from the context menu. The wizard will launch. Click Next.

2. The first screen requiring configuration asks you to select the computer that the resultant policy should be focused on. Group Policy is based on the user and the computer account, with the computer account existing in a location in Active Directory (AD) both in OUs and sites. Also, computers have physical attributes such as disk space and processor that might affect WMI Filtered policies. The dialog box lets you specify the local computer (which works if you’re running GPMC on the machine you want to test) or select “Another computer” and browse to the computer you want to perform RSOP against. Another option is to select the “Do not display policy settings for the selected computer in the results,” which will ignore all computer-based settings and just return results around the User Configuration.

3. The next screen displays a list of the users of the machine and those domain users that have locally logged on to the target machine. As with the previous screen, you can also select to ignore User Configuration settings and instead just display the Computer Configuration settings. Click Next.

4. A confirmation of the settings appears, confirming the computer and user names and the settings to display. Click Next to start the analysis.

5. Once the analysis is complete, click Finish to display the output, which is the format of a report under the Group Policy Results node.

6. The Group Policy Results breaks down the information about the GPO for the user and computer. When the report is selected, you’ll see three tabs. The Summary tab is an HTML report with information about the GPOs that were applied, the Security memberships that were used for the application of GPO, and WMI filters that were applied and their return status. The Summary information is useful, and seeing the denied GPOs will help troubleshoot GPO problems. The Settings tab is the same for selecting a normal GPO except it’s showing the combined settings of all the applicable GPOs. The Policy Events tab scans the computer for all events related to Group Policy, which helps troubleshoot in the event Group Policy isn’t working correctly.

If changes to settings or Group Policy might affect the user or computer, you can right-click the results and select Rerun Query from the displayed context menu. Doing so uses the values already entered but re-evaluates the GPOs, security, and so on. Also, note that you can right-click the result and save the data to a file for viewing offline or mailing to other parties.