Generating Various Types of Group Policy Reports

On an Active Directory Domain with multiple GPOs in place, it’s nice having a way that can generate reports in various situations.

Group Policies applied to my account and computer

There is a built-in tool called Resultant Set of Policy (rsop.msc) that scans all active policies and displays them all in a window similar to Group Policy Editor. You will need to go through the list to find out all the policies applied to your account and computer.

Resultant Set of Policy

There is also a built-in command line called GPResult that you can also use to collect all the policies applied in place.

gpresult /scope user /v

This is to search and show all the active policies applied to the current user. To find all policies applied to the PC, run the following instead in an elevated Command Prompt window.

gpresult /scope computer /v

Group Policies applied to a remote computer and user

To get all the policies applied to a remote computer:

GPResult /s computer-name /scope computer /v

To get all the polices applied to a remote user on a remote computer

GPResult /s computer-name  /user username /scope user /v

GPOs applied to my account and computer

Same command as above but with a different switch.

GPResult /scope user /r
GPResult /scope computer /r
GPResult /s computer-name /user username /scope user /r
GPResult /s computer-name /scope computer /r

Policies set in a specific GPO

That’s where PowerShell shines.

Get-GPOReport -Name "GPO-Name" -ReportType HTML -Path "Path\report.html"

It generates a report in HTML format for the specified GPO and save it in the specified location.

Policies set in all GPOs in the domain

Get-GPOReport -All -ReportType HTML -Path "path\all-gpo.html"

A full list of GPOs in the domain

Simply use Get-GPO cmdlet.

Get-GPO -All

Leave a Reply

Your email address will not be published. Required fields are marked *