<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

How to find Active Directory Group Policy (GPO) that applies a particular setting

Published on
20,302 Points
2,402 Views
9 Endorsements
Last Modified:
Shaun Vermaak
My name is Shaun Vermaak and I have always been fascinated with technology and how we use it to enhance our lives and business.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.


Suppose we have a computer to which we cannot Remote Desktop to but we are unsure which policy configured this.

This article shows the method of using the Resultant Set of Policy Tool to locate these settings with ease.


Please Note: You can also use the command line tool GPResult. Some settings will only display in GPResult

gpresult /h %temp%\GPResult.html & %temp%\GPResult.html


1.pngStep 1) Open RSOP.msc and change query to the user and computer to which the setting, Allow log on through Remote Desktop Services is this case, is applied to


From the Properties Menu on the root of the RSOP tree, select Change Query

1a.pngFrom the Resultant Set of Policy Wizard specify the computer to generate RSOP report for. If the RSOP is for the local computer, select the This computer option and click Next

1b.pngFrom the Resultant Set of Policy Wizard specify the user to generate RSOP report for. If the RSOP is for the current computer, select the Current user option and click Next, Next and Finish

1c.pngStep 2) From the Resultant Set of Policy Main Screen (1), browse to the setting to which the Group Policy is unknown, Allow log on through Remote Desktop Services (2) is this case. As seen below, this setting originates from the Problematic GPO (3)

2.pngStep 3) Editing GPO Problematic GPO via Group Policy Management Editor shows that indeed, the setting is part of this policy

3.pngPlease do not forget to press the "Thumb's Up" button if this article was helpful and valuable for EE members.

It also provides me with positive feedback. Thank you!

9
Comment
0 Comments

Featured Post

CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Join & Write a Comment

This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month