How to use the gpresult PowerShell command

What is the gpresult command?

The gpresult command is a Windows PowerShell command that displays the resultant set of polices (RSoPs) in a user or computer environment. This command fetches the Group Policy settings that will be applied to a user or computer object, including security settings, administrative templates, and more.

The gpresult command applies to Windows Server versions 2022, 2019, 2016, 2012 R2, and 2012, and is helpful in troubleshooting and validating Group Policy deployments. It helps administrators identify which policies are applied, detect conflicts, and diagnose issues with policy inheritance or precedence. Administrators can also use it to audit security settings, confirm policy compliance, and more.

How to run the gpresult command

To run the gpresult command:

• Open Command Prompt or PowerShell as an administrator.
• Execute the gpresult command along with the desired parameter to get the output.
• Analyze the results and take appropriate actions.

The following is an example of how the gpresult command can be used to display a summary of policies applied on a user or computer:

Click to copy the script.

Supported parameters

Here's how the gpresult command can be used along with its parameters:

Syntax	Description
gpresult /r	The /r parameter when used retrieves the RSoPs on a computer and user account.
gpresult /s <computer name>	The /s <computer name> parameter displays the settings and Group Policy information on a remote computer or server.
gpresult /scope {user | computer}	The /scope {user | computer } parameter fetches the settings applied to a specific computer or user.
gpresult /v	The /v parameter displays the verbose information in the system.
gpresult /h <\filename>	The /h <filename> parameter allows the output to be exported in HTML format.
gpresult /z	The /z parameter displays all available information about Group Policies.
gpresult /?	This /? parameter displays help information.

Examples of using the gpresult command

Example 1: Check policies applied on a specific user

Click to copy the script.

Example 2: Export results to an HTML file

Click to copy the script.

Example 3: Check policies applied on computers

Click to copy the script.

Example 4: Get remote computers

Click to copy the script.

Troubleshooting gpresult issues

The following are some issues that you might encounter while using the gpresult command and here's how you can troubleshoot them:

• Access denied
  If gpresult /h returns access denied, run Command Prompt as Administrator and save the report in a permitted location like C:\Users\Public. If gpresult /scope computer also results in access denial, ensure you have administrative privileges.
• GPO not showing in gpresult
  If GPOs are not displayed, it may be due to incorrect linking, filtering, or policy application delays. Ensure that the device is connected to the domain and force a policy update. Additionally, verify that the GPOs are linked and adjust filtering settings if necessary.
• No data available
  If gpresult shows no data available, check if policies are applied and run gpupdate /force, and restart the computer.
• Expected results are not displayed
  If gpresult does not display expected results, it may be due to connectivity, permissions, or policy application issues. If computer policies are not showing, ensure the device is connected to the domain, and then run the gpupdate /force command. If GPOs are still missing, verify they are linked and check for filtering.

Finding resultant set of policies using ADManager Plus

ADManager Plus is an IGA solution that helps administrators efficiently manage and generate reports on their Active Directory, Microsoft 365, and Google Workspace environments. Unlike PowerShell scripts and Active Directory Users and Computers, ADManager Plus offers an intuitive interface that simplifies and streamlines Active Directory management and reporting. As a GPO management and reporting tool, ADManager Plus enables administrators to manage and gain insights on GPOs and their settings. It includes predefined options to manage, link, copy, migrate, and force update GPOs, along with a variety of GPO reports on GPO scope, settings, status, and more.

ADManager Plus offers a Resultant Set of Policy report, using which administrators can view and understand all Group Policy settings applied to a specific user or computer, without using complex scripts. Here's how to generate the report:

1. Log in to ADManager Plus and navigate to the Reports tab.
2. In the left pane, click GPO Reports > GPO Settings Reports > Resultant Set of Policy.
3. Select the desired domain, computer, or user whose Group Policy settings you would like to view.
4. Check the Display Computer Settings and Display User Settings options based on the object that you have selected and click Generate.
5. A list of all the applied policies will be displayed.

Here's how you can manage and report on your GPOs with ADManager Plus:

• Manage GPOs: Enable, disable, or delete GPOs; manage GPO links; copy GPOs; and edit GPO settings.
• Migrate GPOs: Seamlessly migrate GPOs across forests in your Active Directory domains.
• Enforce GPOs: Modify enforcement options for GPO links, and block or unblock the inheritance of GPO links.
• Update GPOs: Force-update GPOs in the click of a button.
• GPO reports: Identify recently modified GPOs and linked Active Directory objects, compare GPOs and their settings, and more.

Try ADManager Plus Now