Group Policy, Group Policy Object and RSoP Explained

-

|

Introduction

This guide gives an overview of Group Policy, RSoP (Resultant Set of Policy) and Group Policy Objects.

Acronyms used in this guide:
GP – Group Policy
RSoP – Resultant Set of Policy
GPOs or GP Objects – Group Policy Objects
GPMC – Group Policy Management Console
GP Settings – Group Policy Settings

What is Group Policy (GP)?

Group Policy is a Microsoft infrastructure tool that provides centralized management and configuration of user and computer settings. Group Policy does this through Group Policy settings and Group Policy Preferences.

The beauty of GP is that it provides administrators centralized management and control. For example, an administrator can enforce a password complexity policy. Or modify specific settings of domain-joined computers.

Advertisement

Group Policy Management Console (GPMC)

Group Policy, Group Policy Object and RSoP Explained

Group Policy Management Console (GPMC) is the tool used to create GPOs. GPOs are the actual objects where the administrator sets the policies that control users and computer settings.

Below are some of the things you can do with GPMC:

  • Create new and edit existing GPOs
  • Export existing GPO and import GPOs.
  • Also, copy, paste, backup and restore GPOs
  • Create GPO reports, including RSoP reports

RSoP (Resultant Set of Policy)

RSoP is a report of group policy settings applied to users and computers. You can use RSoP.mmc to get RSoP for a local computer. To get RSoP information for a remote computer, use GPResult command line.

GPResult displays the Resultant Set of Policy (RSoP) information for a local or remote user and/or computer. To learn how to use GPResult Command, click GPResult Command: Syntax, Parameters, Examples.

How to Use RSoP.mmc to Get Applied GPOs

  • Log on to the computer with an admin account.
  • Next, hold the Windows logo key and R, to open Run. When Run opens, type RSoP.msc and click Ok. RSoP will start gathering the information (see the second image below the Sponsored Content).
Group Policy, Group Policy Object and RSoP Explained
Advertisement

Group Policy, Group Policy Object and RSoP Explained
  • When it finishes, it will display a report similar to the image below.

Generating the policies applied to a computer is useful for troubleshooting and resolving group policy issues. It will help determine what polices are applied or not applied to a user or a computer.

Understanding RSoP.mmc Results

The result generated by RSoP.mmc has two parts, Computer Configuration and User Configuration.

The results are similar to the settings in a typical GPO. But the result only shows settings applied to the computer or user.

As an example, when I click the Computer Configuration\Software Settings node, it is blank. This is because no policy setting was applied to the computer from the settings in this node.

As I said earlier, you can use RSoP results to troubleshoot GPOs. Say you created password policies and applied the GPO to an OU. You have confirmed that a particular computer is in the OU where the GPO is applied. But when you check the computer, the password policy does not apply.

To see the password policies applied to this computer, in the RSoP result, expand \Computer Configuration\Windows Settings\Security Settings\Account Policy. Then click Password Policy. On the right hand side of the console, you can review the password policies applied to this computer.

Tip
There are other factors that may help you determine why a GPO is not applied to a user or a computer. See the next section for details.

Group Policy Objects (GPOs)

A GPO is is a collection of user and computer settings that defines the permissions, behavior and configuration of users or computers the GPO is applied to.

A GPO can be applied at the Domain, Organizational Unit or Site container level.

When you apply a GPO to a container, all objects in that container inherits the policies defined in the GPO settings.

Tip
Objects inhering GPO polices may also be affected by other configurations like Block Inheritance or No override (more on this below).

To apply a GOP to a Domain, OU or site you can create a new GPO or link an existing one.

Enforced, Block Inheritance and GPO Priority

Earlier in this guide, I said that GPOs can be applied to Sites, Domains and Organizational Units (OUs). When you apply a GPO to a container, all objects within the container should apply the GPO settings. But there is a caveat.

There are two GPO settings that affect whether a GPO may be applied to an object or not – Enforced and Block Inheritance. If you do not want higher GPO links to apply to a child container, you can enable Block Inheritance. But if you want to force top level GPOs on child containers, enable Enforced on the higher level GPO.

When a GPO is set to Enforced, it overrides Block Inheritance. This means that Enforced policies takes precedence over Block Inheritance policies.

Tip
Block Inheritance is set at a child container to stop all GPOs in upper higher containers applying to the child container. But if you enable Enforced at the top level GPO, it overrides Block Inheritance set at the child container.

To set Enforced, right-click the top level GPO. Then click Enforced.

To set Block Inheritance, right-click the lower level container. Then click Block Inheritance.

GPO (Group Policy Object) Processing Order

GPO processing is based on a last writer-wins model. This means that a GPO applied later takes precedence over GPOs applier earlier.

GPOs are applied in this order:

  • The local Group Policy object is applied first
  • Then GPOs linked to sites are applied next
  • Followed by GPOs linked to domains
  • Finally, GPOs linked to organizational units (OUs) are applied last
Tip
Except Enforced is enabled at the Site or Domain level, a GPO applied at the OU is applied to an object. This information is very useful for troubleshooting purposes.

To view the Group Policy precedence order of a container:

  • Highlight the container (click on it). On the right hand side, click the Group Policy Inheritance tab.
Advertisement

Conclusion

In this guide I covered Group Policy, RSoP (Resultant Set of Policy) and Group Policy Objects. I hope this has improved your knowledge of Group Policy.

If you have any question or comment use the “Leave a Reply” form at the end of the guide. Alternatively, share your experience with configuring, managing and troubleshooting Group Policies and GPOs.

Other Helpful Guides

Additional Resources and References

LEAVE A REPLY

Please enter your comment!
Please enter your name here

FEATURED POSTS

How to Share a Folder in Windows 10 (3 Methods)

Introduction This guide demos how to share folder in windows 10. It covers 3 methods. Options...

How to Map Network Drive in Windows 10 (5 Methods)

Introduction This guide demos 5 methods to Map Network Drive in Windows 10. Options to...
How to Install Windows 10 1909 Preview Build

How to Install Windows 10 19H2 Preview Build

Introduction If you are a member of Windows 10 Insider Program you can install Windows 10 19H2 Preview Build....

How to Sign in to Windows 10 with a Microsoft Account

Introduction When you installed Windows 10 you may have created and signed in with a local account. You can...
Disable IPv6 in Windows 10

How to Disable IPv6 in Windows 10 (3 Methods)

Introduction This guide demos 3 methods to disable IPv6 in Windows 10: Disable IPv6 from...

Advertisement

TRENDING POSTS

Remote Desktop Connection

Remote Desktop Connection an Internal Error Has Occurred [Fixed]

Introduction I recently received the error message "Remote Desktop Connection an Internal Error Has Occurred". It was strange because...

Find My Samsung: Register and Use Samsung Find my Mobile

Introduction Ever wondered how you could find your Samsung phone if you lost it? Find my Samsung or Samsung...
What is the Difference Between PowerShell and CMD?

Windows Powershell vs CMD: Differences and Similarities

Introduction This short guide compares Windows PowerShell vs CMD (Windows command prompt). I will cover the history and nature...
Spotify No Longer Supports this Version of Microsoft Edge

Spotify No Longer Supports this Version of Microsoft Edge [Fixed]

Introduction When you open Spotify web player on Microsoft Edge, you may receive the error message "Spotify No Longer...
Windows 10 Won't Boot

Windows 10 Won’t Boot With Black Screen? 3 Ways to Fix It

Why Won't Windows 10 Boot Up? If your Windows 10 stops with a black screen, the first question in...

Advertisement

BEST OF ITECHGUIDES

DISM Host Servicing Process (DismHost.exe)

Dism Host Servicing Process (DismHost.exe), a Malware?

Introduction There are conflicting information about Dism Host Servicing Process (DismHost.exe). Some say it is a genuine Windows process,...
turn on battery saver

7 Ways to Save Battery on Samsung Galaxy S9

Introduction Battery lifetime is arguably the biggest problem facing smartphone users today. This guide shows 7 ways to turn...
preparing to configure windows stuck

How to Fix Windows 10 Stuck at “Preparing To Configure Windows..”

Introduction Here is how this plays out: Windows update notifies you of available updates. You download and install them....
RAID 4 Featured image

RAID 4 (Redundant Array of Independent Disks) Explained

What is RAID 4? RAID 4 is a RAID configuration that uses block-level striping across multiple disks with a...
powershell get ad group members

PowerShell Script to Get Active Directory Group Members

Introduction This guide is a hands-on step by step showing how to write a Powershell script to Get AD...

RECENT POSTS

How to Enable Hyper-V in Windows 10 (3 Methods)

How to Enable Hyper-V in Windows 10 (3 Methods)

Introduction This guide demos 3 methods to enable Hyper-V in Windows 10. To install Hyper-V...
RSAT Tools in Windows 10 Explained: Plus How to Install RSAT

RSAT Tools in Windows 10 Explained: Plus How to Install RSAT

Introduction Starting from October 2018 (1809) update, RSAT Tools became part of Windows 10. From this version of Windows...

How to Enable RSAT for Active Directory in Windows 10 (3 Methods)

Introduction This guide demos 3 methods to enable Active Directory in Windows 10. It is not exactly enabling "Active...
How to Install Windows 10 1909 Preview Build

How to Install Windows 10 1909 (19H2) Preview Build

Introduction Windows 10 1909 Preview is available for Windows Insiders. Made available early September, 2019 you have to be...
How to Install RSAT in Windows 10 (3 Methods)

How to Install RSAT in Windows 10 (3 Methods)

Introduction This guide demos how to Install RSAT in Windows 10. Starting with Windows 10...

How to Share a Folder in Windows 10 (3 Methods)

Introduction This guide demos how to share folder in windows 10. It covers 3 methods. Options...
Configure Map Network Drive with Group Policy

Map Network Drive in Windows 10 with Group Policy

Introduction This guide demos how to map network drive with group policy. This guide is...

How to Map Network Drive in Windows 10 (5 Methods)

Introduction This guide demos 5 methods to Map Network Drive in Windows 10. Options to...
How to Download Windows 10 ISO with Media Creation Tool

How to Download Windows 10 ISO with Media Creation Tool

Introduction This guide demos the steps to download Windows 10 ISO. You can download Windows 10 ISO with Media...

How to Install Windows 10 from Network Boot (Via WDS Server)

Introduction This guide demos how to install Windows 10 from network boot. The steps discussed in...

Advertisement

MUST READ

0xc000021a server 2016

4 Quick Fixes for 0xc000021a Stop Error in Windows Server 2016

Introduction There are two known causes of 0xc000021a error in Server 2016: Recently installed a...
Windows defender blocked by Group Policy

Windows Defender Blocked by Group Policy [Fixed]

Introduction If you receive the error message Windows Defender is blocked by group policy, your computer may have been...
Disable IPv6 in Windows 10

How to Disable IPv6 in Windows 10 (3 Methods)

Introduction This guide demos 3 methods to disable IPv6 in Windows 10: Disable IPv6 from...

How to Create System Image in Windows Server 2016

Introduction This guide demos how to create system image in Server 2016. Steps to Create...
Microsoft Edge is not in group policy

How to to Make Microsoft Edge Policy Available in Group Policy

Introduction When I was writing How to Set Homepage in Microsoft Edge I realized that Microsoft Edge is not...

By using this website you agree to accept our Privacy Policy and Terms & Conditions