Hi, this is Jeremy Moskowitz from GPanswers.com and today I am going to show you all about Group Policy Reporting.
The first thing is that if you have some Group Policy Objects set up. For instance, I only have this one new one called Create a New Shortcut. If I were to go over to my XP machine and run gpresult, it is a very powerful command. It lets you know what the sum total of all the settings you are supposed to get on your client machines. For instance, if we take a look here, I can see on the computer side I've got these GPO’s. I’ve got the Default Domain Policy. That creates a new shortcut, which we just talked about. It says that it is filtered out and it says that it is filtered out on the computer side because there are no computer side entries in that GPO.
If we look at the users side we will see the same information here but differently formed, because these are what effects my User side has. On the user side we get Create a New Shortcut. That makes sense because there are some user side settings in there, and there is some other stuff that is filtered out because there is nothing on the user side there. That is what we get on an XP machine.
If we go over to a Windows 7 machine, and we run gpresult, uh oh, we get prompted that the same command is not exactly the same on a Windows 7 machine. We have to run gpresult /r for regular RSOP data, which stands for Resultant Set of Policy data. Now you see we get a similar result here. I do want to put a fine point on this, the only reason I am able to see computer side, is because I am an administrator. If you were trying to do this as a regular user, you would not see the computer side stuff. It is blocked from a regular user’s seeing. The GPO’s that affect their computer, it is a little weird, but that is the way it works. On the User side however, we can see sure enough, I have created a new Shortcut, which is kind of nice.
The next thing I want to do is show you this idea called Group Policy Results. Group Policy Results is a great utility that lives inside the Group Policy Management Console. You can remote grab what is going on in somebody’s machine. So I can right click, run the Group Policy Results Wizard. If I were to go to another computer, maybe \\win7computer1, it says, “Uh oh, I would like to help you, but the RPC server is unavailable”, which is really fancy talk for just saying, “The firewall is on.”
I am going to completely disable the firewall just for this demonstration. In real life you would not do this. In real life what you would do is you would poke just the required holes through the Firewall. But, just for the purposes of showing you how this works, I am going to turn the firewall off, and again, you would not want to do this in real life. I have gone ahead and done that. Let me go back over to my GPMC and now the very next time I try to click through, boom. Now, I got that because the firewall was on. I turned the firewall off and now I am able to sail through.
Now you can see I have Win7Computer1\student there so let’s go ahead, actually, no I will use the Administrator account that makes more sense. Go ahead and check out what is going on with that person on that computer. Go ahead and click Next and we get a beautiful report. By the way, the report passes through Internet Explorer so you get that kind of annoying configuration thing but look what you get. You see that on the Users side you have applied Group Policy, and created a new shortcut, which is nice. You can also see the sum total of all the settings that appear on the machine and if there are any Policy Events, any weird stuff that went on you can actually pull that information right out of the Event Viewer.
That is it. That is all about Group Policy reporting for now. Thank you very much.